Threat Database Trojans Trojan.Mdropper

Trojan.Mdropper

By GoldSparrow in Trojans

Since March of 2005, certain security software manufacturers have used the detection Trojan.Mdropper to indicate the presence of a specific type of Trojan on an infected computer. These kinds of Trojans can infect versions of Windows going back to Windows 95 and are characterized by their use of known vulnerabilities in the Microsoft Office Suite, particularly in Microsoft Word and Excel, to drop other kinds of malware threats on the victim's computer. Trojan droppers like Trojan.Mdropper are designed to deliver other malware and are typically used in the early stages of a multi-component malware attack with multiple stages.

Trojan.Mdropper Trojans load themselves into the infected computer's memory and drop executable files belonging to other, more dangerous malware threats. They are often difficult to study because they tend to be designed so that they will delete themselves after they have accomplished their task, leaving no evidence behind. The main reason Trojans like Trojan.Mdropper are used is because they can be easily disguised as DOC of XLS files (Microsoft Word and Excel documents). Although most computer users know enough to not download executable files without knowing their source, fewer computer users know that other seemingly harmless files, such as PDF, DOC and XLS files, can also be corrupted in order to deliver malware.

There are several strategies criminals use to deliver malware on their victims' computers. Trojan droppers are among the most common delivery systems for other Trojans. They typically act as a container for other malware, usually referred to as a payload. When they are executed, they deliver this payload and install it on the victim's computer. Most of the time, hackers use Trojan droppers like Trojan.Mdropper instead of delivering their malware directly because they are more easy to disguise and more difficult to detect as malware. In some cases, opening a corrupted DOC or XLS file will simply result in an error message, while, in other cases, an actual Microsoft Word or Excel document is opened. However, its payload will be delivered in the background, without the victim's knowledge.

Common Symptoms Associated with Trojan.Mdropper

Trojan.Mdropper and other Trojan droppers can conceivably be used to deliver any kind of malware. These kinds of threats deliver executable files with extensions like EXE or DLL, often opening a back door into the infected computer. Trojan.Mdropper Trojans will typically cause no symptoms, except an occasional error message. However, their payload will frequently cause severe problems on the infected computer, which will alert the computer user of their presence.

File System Details

Trojan.Mdropper may create the following file(s):
# File Name Detections
1. %UserProfile%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
2. %Temp%\Word8.0\ShockwaveFlashObjects.exd
3. %Temp%\~WRD0001.doc

Related Posts

Trending

Most Viewed

Loading...