
TrojanDownloader:Win32/Swif.M


First posted on 04 February 2009.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Swif.M is also known as Exploit.SWF.Downloader.ks (Kaspersky) and Exploit.SWF.Agent.e (Kaspersky).

Explanation :

TrojanDownloader:Win32/Swif.M is a trojan that attempts to exploit a vulnerability in Adobe Shockwave Flash. Successful exploitation of this vulnerability could result in arbitrary code execution. In the wild, this trojan has been used to download arbitrary files onto an affected system.

Symptoms
There are no obvious symptoms that indicate the presence of this malware on an affected machine.

TrojanDownloader:Win32/Swif.M is a trojan that attempts to exploit a vulnerability in Adobe Shockwave Flash. It has been distributed as an SWF file. Successful exploitation of this vulnerability could result in arbitrary code execution. In the wild, this trojan has been used to download arbitrary files onto an affected system.

Installation
The trojan attempts to exploit a vulnerability in Adobe Shockwave Flash that could allow arbitrary code execution.

Payload
Downloads and Executes Arbitrary Files
When the malformed SWF file executes on a vulnerable system, it attempts to download from particular URLs. We have observed this trojan downloading files from the following domains:
www.zmjjjyy.cn
xdrv.info
msdownloads.net
ex2tracking.com

Additional Information
Adobe has published Security Bulletin APSB08-11 addressing the vulnerability.
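
A log sweep for the download domains listed under Payload, as an added example that is not part of the original write-up: it assumes a constructed, space-separated proxy log (timestamp, client, method, URL, status), and the function names are hypothetical. Matching is done on the parsed hostname and on label boundaries, so look-alike names and query-string mentions are not reported.

```python
from urllib.parse import urlsplit

# Domains listed on this page under "Payload".
SWIF_M_DOMAINS = ("www.zmjjjyy.cn", "xdrv.info", "msdownloads.net", "ex2tracking.com")

def host_of(url_or_host):
    """Return the normalised hostname from a URL or a bare host[:port]."""
    value = url_or_host.strip()
    if "://" not in value:
        value = "//" + value              # make urlsplit treat it as a netloc
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:                    # malformed bracketed host, etc.
        return ""
    return host.rstrip(".").lower()       # drop the root dot, fold case

def matches_indicator(host, indicators=SWIF_M_DOMAINS):
    """Return the listed domain that host equals or is a subdomain of."""
    for domain in indicators:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def scan_proxy_log(lines):
    """Return (line number, client, matched domain) for each hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue                      # not in the assumed log format
        client, url = fields[1], fields[3]
        domain = matches_indicator(host_of(url))
        if domain:
            hits.append((lineno, client, domain))
    return hits

# Constructed sample lines (assumed format), not taken from a real incident.
SAMPLE_LOG = [
    "2009-02-04T10:01:07Z 10.0.0.21 GET http://example.org/index.html 200",
    "2009-02-04T10:01:09Z 10.0.0.21 GET http://XDRV.info/ 200",
    "2009-02-04T10:02:30Z 10.0.0.35 CONNECT cdn.msdownloads.net:443 200",
    "2009-02-04T10:03:11Z 10.0.0.35 GET http://notmsdownloads.net/ 200",
    "2009-02-04T10:04:52Z 10.0.0.40 GET http://example.org/?ref=ex2tracking.com 200",
]

if __name__ == "__main__":
    for lineno, client, domain in scan_proxy_log(SAMPLE_LOG):
        print(f"line {lineno}: {client} contacted {domain}")
```
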

Analysis by Dan Kurc

Last update 04 February 2009

 
