Trojan-Downloader:W32/Exchanger.AJ


First posted on 05 September 2008.
Source: SecurityHome

Aliases :

There are no other names known for Trojan-Downloader:W32/Exchanger.AJ.

Explanation :

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

This malware is spread via spam emails with the title "CNN Alerts". These emails are crafted to resemble a real CNN news alert email.



The spam emails contain a link or links; in this case, the links are "Usher re-hires mother as manager" and "FULL STORY". When the user clicks one of these links, a prompt appears asking the user to download and execute a file named "adobe_flash.exe", which is purported to be necessary to read the full story. The downloadable file is in fact malware. Once the file is downloaded and installed, it starts as a service and also starts on every subsequent system startup.

The malware first connects to a remote server and sends information about the infected system. Once this connection to the remote server is established, the malware may also be instructed to download and execute additional malware on the infected system.

Last update 05 September 2008

 
