PE_SALITY.LNK-O
Overview

Malware type: File infector

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: Medium

Distribution potential: Medium

Infection Channel 1: Infects files


Description: 

Trend Micro has flagged this threat as noteworthy due to the increased potential for damage, propagation, or both, that it possesses.

PE_SALITY.LNK-O Behavior Diagram

Malware Overview

This file infector may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It enumerates network shares and drops .DLL files. It then drops a .LNK file that automatically executes the dropped .DLL. The .LNK file may use different file names.

The said shortcut file is detected as LNK_STUXNET.SM. It takes advantage of the following vulnerability in Windows Shell that could allow arbitrary commands to be executed:

The .DLL then drops the malware file detected as PE_SALITY.BA-O and executes it. As a result, the malicious routines of the dropped file are also exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul. 27, 2010 12:52:48 AM GMT -0800
