Home / malware

PDF

TrojanDownloader:BAT/Ftper.L

First posted on 10 November 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:BAT/Ftper.L is also known as TR/Dldr.PIF.G (Avira), Exploit.Lnk-Dropper.Gen (BitDefender), Pif.Download.based (Dr.Web), BAT/TrojanDownloader.Ftp.NIJ.Gen (ESET), Trojan-Downloader.WiLNK.Small.c (Kaspersky), Mal/DownLnk-B (Sophos), LNK_DLODR.AC (Trend Micro).

Explanation :

TrojanDownloader:BAT/Ftper.L is a detection for a shortcut link that, when opened, connects to a remote server using TFTP (Trivial File Transfer Protocol) to download and execute arbitrary VBScript files.
Top

TrojanDownloader:BAT/Ftper.L is a detection for a shortcut link that, when opened, connects to a remote server using TFTP (Trivial File Transfer Protocol) to download and execute arbitrary VBScript files. InstallationTrojanDownloader:BAT/Ftper.L may arrive as a file attachment to an email message. In the wild, this trojan was observed to have names such as the following: 超搞笑.lnk 相親.lnk våª½ç¥–å–œæ­¡ä½ v.lnk Payload Downloads and executes arbitrary files TrojanDownloader:BAT/Ftper.L attempts to download a VBScript file from the remote server "orglnk.com" over TFTP (Trivial File Transfer Protocol). The downloaded file is then executed. Note: At the time of publishing, the file on the remote sever was not available.

Analysis by Vincent Tiu

Last update 10 November 2010

 

TOP