F-Secure Virus Descriptions : MultiDropper-LA
[Summary] | [Detailed Description] | [Detection]
| NAME: | MultiDropper-LA |
| ALIAS: | Neblso.A, W32/MultiDropper-LA |
Files detected as MultiDropper-LA drop already detected worms into the system's
temporary files folder and execute them.
We have received four samples which, upon being executed, will drop two files into
the system's temporary files folder. The dropped files are old malware, already
detected by F-Secure Anti-Virus.
All the variants we received drop two files. We now provide their filenames and
current detection results.
%Temp%/document.txt .exe Infected: W32/NetSky.P@mm
%Temp%/your_details.exe Infected: I-Worm.Sobig.f
%Temp%/document.txt .exe Infected: W32/NetSky.P@mm
%Temp%/msblast.exe Infected: Worm.Win32.Lovesan.a
%Temp%/document.txt.jpg Infected: W32/NetSky.P@mm
%Temp%/msbLAST.EXE-1C3A3376.pf.exe Not an executable
%Temp%/your_details.exe Infected: I-Worm.Sobig.f
%Temp%/msblast.exe Infected: Worm.Win32.Lovesan.a
Afterwards those files are run, triggering all the known effects produced by
those worms.
F-Secure Anti-Virus detects W32/MultiDropper-LA starting from the
following update:
[FSAV_Database_Version]
Version=2004-07-27_02
Writeup:
Ero Carrera, July 27th, 2004;
F-Secure Corporation
|
![](/images/pixel.gif"){kind=tracking}
