Wednesday, April 7, 2010

TROJ_VB.ZAA


Overview

Malware type: Trojan
Aliases: No Alias Found
Language: English
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Low

Low
High
Low

Description: 
Trend Micro has flagged this malware as noteworthy due to the increased potential for damage, propagation, or both, that it possesses. This Trojan is related to another noteworthy entry, BKDR_VBOT.A.
To get a one-glance comprehensive view of the behavior of this malware, refer to the Threat Diagram shown below.
TROJ_VB.ZAA Behavior Diagram
It creates registry entries to enable its automatic execution at every system startup. It attempts to connect to servers using TCP port 8585 to listen for commands coming from a remote computer.
Once a connection is successfully established, it may download other files including its components, ntconf32.dll, msimsg32.vxd and ntsys32.vxd. It also connects to the following URLs via HTTP.
It modifies registry key(s)/entry(ies) as part of its installation routine.
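
A triage check built from the indicators in the description above, as an added example (not Trend Micro's or this blog's code): it flags rows of Windows `netstat -ano` output whose remote TCP port is 8585 and file paths whose name matches one of the three listed components. The sample output, IP addresses and file locations are constructed, and treating 8585 as the remote port is an assumption drawn from "connect to servers".

```python
import ntpath

# Indicators taken from the description above.
C2_PORT = 8585
COMPONENTS = {"ntconf32.dll", "msimsg32.vxd", "ntsys32.vxd"}

def port_of(endpoint):
    """Return the port of 'addr:port' (also '[v6]:port'), or None."""
    _, _, port = endpoint.rpartition(":")
    return int(port) if port.isdigit() else None

def suspicious_connections(netstat_text):
    """Non-listening TCP rows whose remote port is 8585, with owning PID."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()  # Proto, Local, Foreign, State, PID
        if len(f) != 5 or f[0] != "TCP" or f[3] == "LISTENING":
            continue
        if port_of(f[2]) == C2_PORT:
            hits.append((f[2], f[3], int(f[4])))
    return hits

def component_files(paths):
    """Paths whose file name matches a listed component (case-insensitive)."""
    return [p for p in paths if ntpath.basename(p).lower() in COMPONENTS]

# Constructed sample data (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.0.2.10:1044        198.51.100.7:8585      ESTABLISHED     1480
  TCP    192.0.2.10:1051        203.0.113.5:80         ESTABLISHED     2016
  TCP    192.0.2.10:8585        203.0.113.9:443        TIME_WAIT       0
  TCP    192.0.2.10:1060        198.51.100.7:8585      SYN_SENT        1480
"""
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\NTCONF32.DLL",   # constructed location
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\Temp\msimsg32.vxd",               # constructed location
]

if __name__ == "__main__":
    for remote, state, pid in suspicious_connections(SAMPLE_NETSTAT):
        print(f"port {C2_PORT} session to {remote} ({state}) pid={pid}")
    for path in component_files(SAMPLE_PATHS):
        print(f"component file present: {path}")
```

The row with local port 8585 and remote port 443 is deliberately not flagged, and a SYN_SENT row is kept because a blocked connection attempt is still evidence of the behavior.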
