
TrojanDropper:Win32/Hamweq


First posted on 27 March 2009.
Source: SecurityHome

Aliases :

TrojanDropper:Win32/Hamweq is also known as Trojan:Win32/VB.YCG (Microsoft), Dropper.VB.3.AX (AVG), Trojan.Generic.1277940 (BitDefender).

Explanation :

TrojanDropper:Win32/Hamweq is a trojan that drops and installs Worm:Win32/Hamweq.A, a worm that spreads via removable drives, such as USB memory sticks. It contains an IRC-based backdoor, which may be used by a remote attacker to order the affected machine to participate in Distributed Denial of Service attacks, or to download and execute arbitrary files.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).


Installation
TrojanDropper:Win32/Hamweq is installed by other malware or when a user visits a malicious Web site. When run, it starts itself as a suspended process and then overwrites the contents of the new process with an embedded and encrypted copy of Worm:Win32/Hamweq.A.

Additional Information
For more information about Worm:Win32/Hamweq.A, please see our description elsewhere in the encyclopedia.
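
One way to detect the installation behaviour described above (a process that starts a suspended copy of itself and overwrites it before it runs), added here as an example and not part of the original analysis. The event format, field names and sample trace are constructed assumptions; only the CREATE_SUSPENDED flag value is a real Windows constant.

```python
CREATE_SUSPENDED = 0x00000004  # Windows process-creation flag value

def find_self_hollowing(events):
    """Return (parent_pid, child_pid, child_image) for every child that was
    started suspended from the parent's own image and had its memory written
    by that parent before being resumed."""
    pending = {}   # child_pid -> [parent_pid, child_image, written_by_parent]
    findings = []
    for ev in events:
        op = ev["op"]
        if op == "process_create":
            # Windows paths are case-insensitive, so compare lowercased.
            same_image = ev["image"].lower() == ev["child_image"].lower()
            if same_image and ev["flags"] & CREATE_SUSPENDED:
                pending[ev["child_pid"]] = [ev["pid"], ev["child_image"], False]
        elif op == "remote_write":
            entry = pending.get(ev["target_pid"])
            if entry and entry[0] == ev["pid"]:
                entry[2] = True
        elif op == "thread_resume":
            # Resuming ends the suspended window; report only if a write occurred.
            entry = pending.pop(ev["target_pid"], None)
            if entry and entry[2]:
                findings.append((entry[0], ev["target_pid"], entry[1]))
    return findings

# Constructed sample trace (hypothetical telemetry schema, not real data).
SAMPLE_TRACE = [
    # Suspended self-spawn, written by the parent, then resumed: flagged.
    {"op": "process_create", "pid": 100, "image": r"C:\Temp\a.exe",
     "child_pid": 200, "child_image": r"c:\temp\A.EXE", "flags": 0x4},
    {"op": "remote_write", "pid": 100, "target_pid": 200},
    {"op": "thread_resume", "pid": 100, "target_pid": 200},
    # Self-spawn without the suspended flag: ignored.
    {"op": "process_create", "pid": 300, "image": r"C:\App\b.exe",
     "child_pid": 301, "child_image": r"C:\App\b.exe", "flags": 0x0},
    {"op": "thread_resume", "pid": 300, "target_pid": 301},
    # Suspended self-spawn resumed with no write in between: ignored.
    {"op": "process_create", "pid": 400, "image": r"C:\App\c.exe",
     "child_pid": 401, "child_image": r"C:\App\c.exe", "flags": 0x4},
    {"op": "thread_resume", "pid": 400, "target_pid": 401},
]

if __name__ == "__main__":
    for parent, child, image in find_self_hollowing(SAMPLE_TRACE):
        print(f"suspended self-spawn overwritten: {image} parent={parent} child={child}")
```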

Analysis by Dan Kurc

Last update 27 March 2009

 
