Home / malware Trojan-Downloader:W32/Small.EJK
First posted on 26 March 2007.
Source: SecurityHomeAliases :
Trojan-Downloader:W32/Small.EJK is also known as Trojan-Downloader.Win32.Agent.bkb, Trojan.Downloader-4025, TR/Dldr.iBill.AF, Troj/Dloadr-AVS.
Explanation :
Small.EJK is a trojan-downloader that is included in a spam run in Germany.
A sample mail is as follows:
Upon execution, it downloads a trojan-spy from a remote addresses on the web using the following script:
- http://81.95.147.138/[REMOVED]/get_exe.php
- http://marketing-know-how.com/[REMOVED]/get_exe.php
- http://tncmhg.com/images/[REMOVED]/get_exe.php
- http://www.eurowing.us/[REMOVED]/get_exe.php
- http://www.thaitradeshow.com/images/[REMOVED]/get_exe.php
An earlier version of the downloaded trojan was detected as
Trojan-Spy.Win32.BZub.IJ. This was later changed/modified most probably by the author(s). The updated copy is now detected as Trojan-Spy:W32/BZub.IK.
Last update 26 March 2007