Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Malware Information Pages: Trojan-Downloader:W32/Small.EJK
[Summary] | [Detailed Description]

Name : Trojan-Downloader:W32/Small.EJK
Alias:Trojan-Downloader.Win32.Agent.bkb, Trojan.Downloader-4025, TR/Dldr.iBill.AF, Troj/Dloadr-AVS
Type:Trojan-Downloader
Category:Malware
Platform:W32
Radar

Summary
Small.EJK is a trojan-downloader that is included in a spam run in Germany.
Back to the Top

Detailed Description
Small.EJK is a trojan-downloader that is included in a spam run in Germany.

A sample mail is as follows:



Upon execution, it downloads a trojan-spy from a remote addresses on the web using the following script:

  • http://81.95.147.138/[REMOVED]/get_exe.php
  • http://marketing-know-how.com/[REMOVED]/get_exe.php
  • http://tncmhg.com/images/[REMOVED]/get_exe.php
  • http://www.eurowing.us/[REMOVED]/get_exe.php
  • http://www.thaitradeshow.com/images/[REMOVED]/get_exe.php

An earlier version of the downloaded trojan was detected as
Trojan-Spy.Win32.BZub.IJ. This was later changed/modified most probably by the author(s). The updated copy is now detected as Trojan-Spy:W32/BZub.IK.
Back to the Top



F-Secure Corporation

Last Modified: March 23, 2007