Home / malware Trojan-Downloader:W32/Oficla.AE
First posted on 05 July 2010.
Source: SecurityHomeAliases :
Trojan-Downloader:W32/Oficla.AE is also known as TrojanDropper:Win32/Oficla (Microsoft), Mal/EncPk-NS (Sophos), Trojan.Sasfis (Symantec), Win32/Oficla.GQ (Other).
Explanation :
A trojan that secretly downloads malicious files from a remote server, then installs and executes the files.
Additional DetailsTrojan-Downloader:W32/Oficla.AE is distributed as an attachment to fake e-mail messages; once installed, the trojan-downloader connects to a remote server.
Propagation
Oficla.AE is distributed as executable or zipped files attached to misleading e-mail messages. Some of the most common messages used to deliver this trojan involve fake offers for iTunes Gift certificates or for Amazon.com orders; other attachments are disguised as resumes.
The text in the e-mail message entices the unsuspecting user to launch the attached file, which installs and executes the trojan.
Installation
Once the attached executable file is launched, the trojan creates the following files:
€ %Temp%\1.tmp € %System%\pgsb.lto
It also makes changes to the Windows Registry to ensure the installed copy is launched when the computer is started up.
Activity
Once installed on the computer, the trojan opens a connection to a remote server, from which it may download additional malicious programs.Last update 05 July 2010