
TrojanDownloader:JS/Psyme.T


First posted on 08 May 2013.
Source: Microsoft

Aliases :

TrojanDownloader:JS/Psyme.T is also known as Psyme.BM (Norman), Trojan-Downloader.VBS.Psyme.qn (Kaspersky), VBS/Psyme.EN (Command).

Explanation :



TrojanDownloader:JS/Psyme.T is a detection for malicious code that attempts to exploit a vulnerability in Microsoft Data Access Components and Remote Data Service (RDS).

The vulnerability, discussed in CVE-2006-0003 and MS Security Bulletin MS06-014, allows this malware to download and run arbitrary files if you visit a malicious webpage using Internet Explorer.

You may encounter this threat when visiting specially crafted malicious or compromised webpages with Internet Explorer. When you visit the webpage, the malicious code runs. If your computer is vulnerable, the code attempts to download arbitrary files from the URL members/lycos.co.uk/<removed>/server.exe. We have observed the file being downloaded as svacm.exe into the following paths:

  • C:\Windows\Temp
  • C:\
  • C:\Temp
  • D:\Windows\Temp
  • D:\
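
The drop locations listed above can be turned into a check over file-creation telemetry. The following is an added example, not part of the original Microsoft write-up: the event field names (`image`, `target`), the sample events, and the confidence rating are assumptions made for illustration.

```python
import ntpath

# Indicators taken from the description above. The drive-root entries are
# written as C:\ and D:\ (assumption: the bare "C:" means the drive root).
DROPPED_NAME = "svacm.exe"
DROP_DIRS = ("C:\\Windows\\Temp", "C:\\", "C:\\Temp", "D:\\Windows\\Temp", "D:\\")


def _norm(path):
    """Normalise a Windows path: strip quotes, unify separators, resolve '..', lowercase."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


_DROP_DIRS = frozenset(_norm(d) for d in DROP_DIRS)


def is_psyme_drop(path):
    """True if path is svacm.exe directly inside one of the listed directories."""
    directory, name = ntpath.split(_norm(path))
    return name == DROPPED_NAME and directory in _DROP_DIRS


def triage(events):
    """Return (confidence, event) for each file-creation event matching the indicators.

    Assumption: a write by iexplore.exe is rated "high" because the page says the
    code runs when the page is viewed in Internet Explorer; any other writer is "medium".
    """
    hits = []
    for event in events:
        if is_psyme_drop(event["target"]):
            writer = ntpath.basename(_norm(event["image"]))
            hits.append(("high" if writer == "iexplore.exe" else "medium", event))
    return hits


# Constructed sample events (not real telemetry); field names are hypothetical.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", "target": r"C:\WINDOWS\Temp\svacm.exe"},
    {"image": r"C:\Windows\explorer.exe", "target": "D:/SVACM.EXE"},
    {"image": r"C:\Program Files\Internet Explorer\iexplore.exe", "target": r"C:\Temp\cache\svacm.exe"},
    {"image": r"C:\Program Files\Internet Explorer\iexplore.exe", "target": r"C:\Temp\svacm.exe.txt"},
]

if __name__ == "__main__":
    for confidence, event in triage(SAMPLE_EVENTS):
        print(confidence, event["target"], "written by", event["image"])
```

Matching is case-insensitive and limited to the exact directories listed, so a file of the same name in a subdirectory such as `C:\Temp\cache` is not flagged.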




Analysis by Karthik Selvaraj

Last update 08 May 2013

 
