NEWS FROM THE LAB - Tuesday, June 27, 2006

Kukudro.A - Macro trojan dropper spammed Posted by Katrin @ 19:07 GMT

A new macro trojan dropper has been spammed in various e-mails. The trojan arrives inside zip archives that contain an MS Word document named my_Notebook.doc.

The macro trojan activates during the opening of the document. It extracts a binary file from its code and runs it. The file is saved as C:\666inse_1.exe and is a trojan downloader.

Both the Word document and the binary executable are detected with FSAV update version 2006-06-27_07 as W97M/Kukudro.A and Small.dcu respectively.