The 'Small' trojan downloader family consists of more than 370
different variants (as of June 28th, 2004). The main
characteristic of these downloaders is that they are very compact
(a few kilobytes long) and that they silently download and run
executable files on a user's computer.
Many of these downloaders are compressed with different file
compressors to reduce their size and to hide their contents from
users' eyes. Some of the downloaders from the 'Small' family
download adware/spyware or searchware (third-party search plugins);
some download real trojans and backdoors. But they all do so
without notifying the user and without the user's approval.
Quite often these downloaders are dropped and activated on users'
computers from webpages that are visited with Internet Explorer.
For a generic description of a trojan downloader and for
disinfection instructions for this type of malware, please refer
to this webpage:
http://www.europe.f-secure.com/v-descs/trojdown.shtml
Writeup:
Alexey Podrezov, June 28th, 2004;
F-Secure Corporation