Generic Downloader.bk

Type: Trojan
SubType: Downloader Generic
Discovery Date: 05/23/2006
Length:
Minimum DAT: 4768 (05/23/2006)
Updated DAT: 5427 (11/07/2008)
Minimum Engine: 5.1.00
Description Added: 05/23/2006
Description Modified: 05/25/2006 11:43 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Overview

Generic Downloader.bk is a detection for Macromedia Flash based trojans that download and execute a file from a remote site. Because the web site the trojan contacts is normally controlled by the malware author, the file being downloaded can be swapped out remotely, so the behavior of the resulting binary may change, possibly with every infection. This description is therefore meant as a general guide.

Aliases

  • Download.Swif (Symantec)

Characteristics

Infection typically occurs when a malicious web site is visited.

Once the Macromedia Flash trojan horse is downloaded and executed, it attempts to download more malware from the following URLs:

http://www.thegandj.com/[Removed]/JavaPlugin.exe
http://hometown.aol.com.au/[Removed]/Cartao522.exe

The downloaded file is then automatically executed on the infected machine.

The nature of the downloaded file may vary. As these trojans and the remote files they fetch are discovered, the sites hosting the files are frequently taken down, so the download may stop working as the author intended. The result may be an HTML error page being displayed, or the remote file simply not being downloaded at all.
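As an added example that is not part of the original AVERT description, the following Python helper shows the two triage steps the characteristics above imply: pulling candidate executable URLs out of a Flash file (inflating the zlib-compressed CWS form first, using the public SWF header layout of signature, version byte and little-endian length), and telling a real Windows executable apart from the HTML error page that a taken-down host returns instead of the payload. The sample SWF body and the dropper.example URL are constructed for the demonstration; no real ActionScript is parsed, only embedded strings are searched.

```python
import re
import struct
import zlib

# URLs ending in ".exe" are the indicator type this page describes
# (JavaPlugin.exe, Cartao522.exe). Printable ASCII only, shortest match.
EXE_URL_RE = re.compile(rb"https?://[\x21-\x7e]+?\.exe\b", re.IGNORECASE)


def swf_body(data: bytes) -> bytes:
    """Return the tag body of an SWF file, inflating a zlib-compressed (CWS) one.

    SWF layout: 3-byte signature ("FWS" plain, "CWS" zlib-compressed),
    1-byte version, 4-byte little-endian uncompressed length, then the body.
    """
    if len(data) < 8:
        raise ValueError("too short to be an SWF")
    sig = data[:3]
    if sig == b"FWS":
        return data[8:]
    if sig == b"CWS":
        return zlib.decompress(data[8:])
    raise ValueError(f"not an SWF signature: {sig!r}")


def exe_urls_in_swf(data: bytes) -> list[str]:
    """List distinct executable URLs embedded as strings in an SWF, in order of appearance."""
    found: list[str] = []
    for match in EXE_URL_RE.finditer(swf_body(data)):
        url = match.group(0).decode("ascii", "replace")
        if url not in found:
            found.append(url)
    return found


def classify_download(blob: bytes) -> str:
    """Distinguish a real payload from the error page a dead hosting site serves.

    Returns "pe" for an MZ-prefixed Windows executable, "html" for what looks
    like a web page (the takedown case described above), otherwise "unknown".
    """
    if blob[:2] == b"MZ":
        return "pe"
    head = blob[:512].lstrip().lower()
    if head.startswith(b"<!doctype html") or b"<html" in head:
        return "html"
    return "unknown"


def build_sample_swf(url: str, compressed: bool = True) -> bytes:
    """Build a minimal CWS/FWS container around a constructed body (test data, not real Flash)."""
    body = b"\x00" * 16 + url.encode("ascii") + b"\x00" + b"\x00" * 16
    total_len = 8 + len(body)  # length field counts the header plus the uncompressed body
    header = (b"CWS" if compressed else b"FWS") + bytes([8]) + struct.pack("<I", total_len)
    return header + (zlib.compress(body) if compressed else body)


if __name__ == "__main__":
    # Constructed sample: a compressed SWF carrying one hypothetical dropper URL.
    sample = build_sample_swf("http://dropper.example/JavaPlugin.exe")
    print("embedded executable URLs:", exe_urls_in_swf(sample))
    # Constructed responses: what a live host vs. a taken-down host might return.
    print(classify_download(b"MZ\x90\x00" + b"\x00" * 60))
    print(classify_download(b"<!DOCTYPE html><html><body>404 Not Found</body></html>"))
```

The URL extraction is deliberately string-based: it catches the plain URLs a downloader of this type embeds, but a sample that builds its URL at runtime would need the ActionScript bytecode decoded instead. The classifier only looks at magic bytes, which is enough to flag the "HTML error page instead of payload" case the description mentions.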

Symptoms

A desktop firewall program alerting that an application is attempting to access the Internet.

Method of Infection

Infection typically occurs when a malicious web site is visited. The purpose of this trojan is simply to download a file from the Internet and execute it. It does not self-replicate.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends that users not trust seemingly familiar or safe file icons, particularly when files are received via P2P clients, IRC, email or other media where users can share files.

Variants

N/A