Home / malware Trojan.Wensal
First posted on 11 February 2015.
Source: SymantecAliases :
There are no other names known for Trojan.Wensal.
Explanation :
The Trojan is usually dropped by a specially crafted document which exploits the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158).
When the Trojan is executed, it creates the following files: %Temp%\M.T%Temp%\M.B
Next, the Trojan connects to the following remote location: word.salweenadsoft.net:53
The Trojan may then download additional malware on the compromised computer.Last update 11 February 2015
