F-Secure Malware Information Pages: Trojan-Downloader:W32/Valenavir.A

Main Index

Security Guide

F-Secure World Map

Security Alerts

Virus Statistics

Malware Removal Tools

Malware Code Glossary

Submit Malware Sample

Select local site

Main Index » Security Centre » Descriptions

F-Secure Malware Information Pages: Trojan-Downloader:W32/Valenavir.A

[Summary] \| [Detailed Description]
Name :	Trojan-Downloader:W32/Valenavir.A
Alias:	Trojan-Downloader.Win32.Small.dge, Valenavir.A
Type:	Trojan-Downloader
Category:	Malware
Platform:	W32

Radar

Summary

Valenavir.A disguises itself as a Valentine's eCard notification. When you click on the link in the notification e-mail, it will redirect you to a page that attempts to persuade users into installing additional malware.

Back to the Top

Detailed Description

Trojan-Downloader:W32/Valenavir.A disguises itself as a Saint Valentine's Day eCard notification.

The eCard notification arrives in spammed e-mail. When you click on the link in the e-mail, it will redirect you to a page that asks you to install a fraudulent Adobe Flash Player. The software is supposedly required in order to view the eCard. This fraudulent application is actually a Trojan-Spy that downloads and installs a Trojan-Spy:W32/BZub variant onto the system.

Once installed, Valenavir.A connects to:

http://www.nownames.org/new/[blocked].php?l=Un

Which redirects to:

http://dedmazay.3322.org/images/[blocked].exe.

The attempted download is detected as Trojan-Spy:W32/Bzub.HZ.

Back to the Top

F-Secure Corporation

Last Modified: February 14, 2007