Threat Description

Small.avu

Details

Aliases: Small.avu, Trojan-Downloader.Win32.Small.avu, W32/Small.avu, Backdoor.Win32.Dumador.bl, Backdoor.Win32.Dumadoor.bl
Category: Malware
Type:
Platform: W32

Summary



We received several reports about the 'Small.avu' trojan downloader on May 24th, 2005. According to those reports, the trojan was spammed to a large number of people in e-mail messages. The trojan downloader is programmed to download and run a Dumador backdoor variant from a website.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



The trojan downloader's file is a PE executable 1648 bytes long, packed with the FSG file compressor.

According to the reports, the trojan downloader was spammed in e-mail messages that looked like this:

Subject:

ISTE RUS CITIRLAR

Body:

SELAM BEYLER!!!!
 NATASHALAR SIZLERI BEKLIYOR::::..
 HERZAMAN BIR RUSYALI NATASHA ILE SEX DOLU BIR GECE YASAMAYI HEPINIZ
 DUSUNMUSSUNUZDUR.ISTE FIRSAT.BU GERCEKLESEBILIR,YUZLERCE RUS KIZI
 TURKIYEYE GELMEK ICIN SIZLERI BEKLIYOR.7/24 SIZINLE VE EMRINIZDE.
 MAILIMIZDE KIZLARIMIZIN RESIMLERINI GOREBILIRSINIZ.BEGENIN,SECIN.VE SIZIN OLSUN.
 GERISI SIZE KALMIS:::.

The trojan downloader's file was attached to these messages as a file named 'ATTACH.RAR.EXE'. When a user runs this file, it attempts to download and run a variant of the Dumador backdoor from the following website:

tr.distributed-hosting.com

We have reported the abuse to the ISP that hosts that website.
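As an added example (not part of the original description or of any F-Secure product), the following Python code shows a mail-gateway style check for the delivery pattern described above: an attachment whose name ends in a decoy extension followed by an executable one, as in 'ATTACH.RAR.EXE'. The extension lists, function names and the constructed sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; tune them to local mail policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"rar", "zip", "doc", "pdf", "jpg", "txt", "gif"}


def double_extension(filename):
    """Return (decoy, real) if the name ends in <decoy>.<executable>, else None."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS:
        return parts[-2], parts[-1]
    return None


def scan_message(raw_bytes):
    """Return one finding per attachment that carries a decoy double extension."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        hit = double_extension(name)
        if hit is None:
            continue
        payload = part.get_payload(decode=True) or b""
        # "MZ" is the DOS header magic that every PE executable starts with.
        findings.append({"filename": name, "decoy_ext": hit[0], "real_ext": hit[1],
                         "size": len(payload), "is_pe": payload[:2] == b"MZ"})
    return findings


def build_sample():
    """Constructed test message with harmless stub bytes, not the real sample."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="ATTACH.RAR.EXE")
    msg.add_attachment(b"Rar!\x1a\x07\x00", maintype="application",
                       subtype="octet-stream", filename="photos.rar")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

A very small size together with `is_pe` being true is consistent with the downloader described here (a 1648-byte packed PE), so the two fields are worth reviewing together.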



Detection


The downloaded Dumador backdoor variant is detected as 'Backdoor.Win32.Dumador.bl' with the following F-Secure Anti-Virus update:
Detection Type: PC
Database: 2005-04-27_05

The trojan downloader is detected as 'W32/Small.avu' with the following F-Secure Anti-Virus update:
Detection Type: PC
Database: 2005-05-24_05



Description Created: Alexey Podrezov, May 24th, 2005

