Trojan-Downloader:W32/Tiny.GG arrives on the system as a downloaded file of Exploit:W32/Ani.D. See the description for Exploit:W32/Ani.C for additional details.

Upon execution, it launches Internet Explorer by using the following hard-coded path:

• C:program filesInternet ExplorerIexplore.exe

It then injects code to the Internet Explorer process to download and execute another file from the following site:

• http://www.ticp.co.kr/images/image/[REMOVED].exe

The downloaded file is already detected as Trojan.Win32.Agent.ads since database update version 2007-03-30_04.

Last update 02 April 2007

 

TOP