To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This Trojan arrives as an attachment to email messages spammed by another malware or a malicious user.
It may be dropped by other malware and may be downloaded unknowingly by a user when visiting malicious Web site(s).
It takes advantage of a known vulnerability in Microsoft Excel that allows remote code execution. More information on this vulnerability is available on the following Microsoft Web page:
Once it successfully exploits this vulnerability, it executes shellcode that allows it to drop any of several embedded files on the affected system, including TROJ_SMALL.DCJ, BKDR_AGENT.SNI, BKDR_PCCLIEN.AAA, and BKDR_PCCLIEN.AJT.
It then executes the dropped file(s). As a result, the malicious routines of the dropped files are exhibited on the affected system.