Trojan:Win32/Vasport.A
First posted on 22 May 2012.
Source: Microsoft
Aliases :
Trojan:Win32/Vasport.A is also known as Generic BackDoor.u (McAfee).
Explanation :
Trojan:Win32/Vasport.A is a trojan that attempts to communicate with a remote server without your consent.
Installation
Trojan:Win32/Vasport.A may be encountered when opening a malicious Word document that contains an exploit, detected as Exploit:Win32/CVE-2012-0779.D. When Exploit:Win32/CVE-2012-0779.D is opened on a vulnerable computer, it extracts Trojan:Win32/Vasport.A, which is stored within the malicious document as an embedded object, as the following:
- %APPDATA%\conime.exe
Your system registry is updated to run the trojan when you start Windows.
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "ServiceEXE"
To data: "%APPDATA%\conime.exe"
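A check for the persistence indicators described above, as an added example that is not part of the original entry: it parses the text output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` and flags the ServiceEXE value name or any value that launches conime.exe from %APPDATA%. The sample output is constructed, and the expanded forms of %APPDATA% are assumptions based on the default Windows profile layouts.

```python
import re

# Indicators from this entry; matching is case-insensitive, as the registry is.
VALUE_NAME = "serviceexe"
# Forms "%APPDATA%\conime.exe" takes, literal or expanded (Vista+ and XP layouts).
APPDATA_RE = re.compile(
    r"^(%appdata%|[a-z]:\\users\\[^\\]+\\appdata\\roaming"
    r"|[a-z]:\\documents and settings\\[^\\]+\\application data)\\conime\.exe$"
)
# One value line of `reg query` output: four spaces, name, type, data.
LINE_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$", re.M)


def executable_of(data):
    """Lower-cased program path of a Run value, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0].lower()
    m = re.match(r"(.*?\.exe)\b", data, re.I)  # drop arguments after the .exe
    return (m.group(1) if m else data).lower()


def check_run_values(reg_query_output):
    """Return (value_name, data, reasons) for each Run value matching an indicator."""
    findings = []
    for name, _type, data in LINE_RE.findall(reg_query_output):
        reasons = []
        if name.lower() == VALUE_NAME:
            reasons.append("value name ServiceEXE")
        if APPDATA_RE.match(executable_of(data)):
            reasons.append("conime.exe in %APPDATA%")
        if reasons:
            findings.append((name, data.strip(), reasons))
    return findings


# Constructed sample output; the user name and the other entries are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ServiceEXE    REG_SZ    C:\Documents and Settings\alice\Application Data\conime.exe
    Updater    REG_EXPAND_SZ    "%APPDATA%\conime.exe" /background
"""

if __name__ == "__main__":
    for name, data, reasons in check_run_values(SAMPLE):
        print(f"{name}: {data} ({'; '.join(reasons)})")
```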
Payload
Communicates with a remote server
This trojan attempts to communicate with a remote server named "svr01.passport.ServeUser.com:80" and could possibly download arbitrary files.
Analysis by Vincent Tiu
Last update 22 May 2012