W32/MoFei.worm.dr
- Type: Trojan
- SubType: Dropper Worm
- Discovery Date: 08/20/2003
- Length: Varies
- Minimum DAT: 4288 (08/20/2003)
- Updated DAT: 5052 (06/13/2007)
- Minimum Engine: 5.1.00
- Description Added: 04/20/2004
- Description Modified: 09/04/2006 8:13 AM (PT)
Characteristics
W32/Mofei.worm.dr is a trojan that installs the W32/Mofei.worm virus upon opening of a malicious document or self-extracting (SFX) archive file.
Most recently, it is delivered via a specially crafted Microsoft Word document. This specially crafted Word document exploits a zero-day vulnerability in Microsoft Office 2000 to drop and execute a Win32 executable embedded inside the document.
When successful, it drops and executes an executable file which installs W32/Mofei.worm with the following filename(s):
- %Windir%\System32\clipbook.exe
- %Windir%\System32\clipbook.dll
(Where %Windir% is the Windows folder, e.g. C:\Windows)
The W32/Mofei.worm executable can be proactively detected in specific products with program heuristics as New Malware.n since DAT version 4677.
Symptoms
Presence of one or more of the following file(s) detected as W32/Mofei.worm:
- %Windir%\System32\clipbook.exe
- %Windir%\System32\clipbook.dll
(Where %Windir% is the Windows folder, e.g. C:\Windows)
Method of Infection
W32/Mofei.worm.dr can be mass spammed. Most recently, it is crafted as a Microsoft Word document that exploits a zero-day vulnerability in Microsoft Office 2000.
Removal
All Users:
Use the specified engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).
Variants
N/A
Aliases
- TROJ_MDROPPER.BR (TrendMicro)
- Trojan-Dropper.MSWord.1Table.bv (Kaspersky)
- Trojan.Mdropper.Q (Symantec)