Threat Description

MultiDropper-LA

Details

Aliases: MultiDropper-LA, Neblso.A, W32/MultiDropper-LA
Category: Malware
Type:
Platform: W32

Summary


Files detected as MultiDropper-LA drop already detected worms into the system's temporary files folder and execute them.



Removal


We have received four samples which, upon being executed, will drop two files into the system's temporary files folder. The dropped files are old malware, already detected by F-Secure Anti-Virus.



Technical Details


All the variants we received drop two files. We now provide their filenames and current detection results.

  • %Temp%/document.txt .exe Infected: W32/NetSky.P@mm
  • %Temp%/your_details.exe Infected: I-Worm.Sobig.f
  • %Temp%/document.txt .exe Infected: W32/NetSky.P@mm
  • %Temp%/msblast.exe Infected: Worm.Win32.Lovesan.a
  • %Temp%/document.txt.jpg Infected: W32/NetSky.P@mm
  • %Temp%/msbLAST.EXE-1C3A3376.pf.exe Not an executable
  • %Temp%/your_details.exe Infected: I-Worm.Sobig.f
  • %Temp%/msblast.exe Infected: Worm.Win32.Lovesan.a

Afterwards those files are run, triggering all the known effects produced by those worms.



Detection


F-Secure Anti-Virus detects W32/MultiDropper-LA starting from the following update:

Detection Type: PC
Database: 2004-07-27_05



Description Details: Ero Carrera, July 27th, 2004


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More