Trojan Dropper-Worm Mytob Tandem

Pairing a Trojan with a worm is becoming a favorite technique of malware authors for more successful propagation or attack by their malicious programs. The combination started with Troj_Bagle downloading Worm_Bagle. Another example of the Trojan-worm tandem technique has now been noticed in the new TROJ_DROPPER.LV and WORM_MYTOB.KM.

Instead of downloading the Mytob worm, TROJ_DROPPER.LV drops a copy of WORM_MYTOB.KM and of WORM_SDBOT.CHA on the affected system. WORM_MYTOB.KM then mass-mails an email message containing a link that points to TROJ_DROPPER.LV. Thus, when a user clicks the link in the email, the Trojan dropper is downloaded.

This technique can bypass the filters of email scanning applications that scan or block malicious attachments, because the message carries only a link and no attachment. Good social engineering then completes the malware's intent by enticing a user to click the malicious link in the mail.

The URL was submitted to the web-blocking query, so we have no problem when a user clicks on this malware's malicious link, since it is already blocked at the server.
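The sketch below is an added example, not code from the original post or from any vendor product. It shows why an attachment-only filter returns nothing for a link-only message while a URL check against a blocking list flags it. The sample message, host names, blocking list and extension list are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample: link-only mail with no attachment (placeholder hosts).
SAMPLE = """\
From: admin@example.com
To: user@example.org
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

Your account was suspended. Details: http://files.blocked.example/notice.exe
"""

BLOCKED_HOSTS = {"files.blocked.example"}   # hypothetical web-blocking list
RISKY_EXT = (".exe", ".scr", ".pif", ".zip")  # assumed extension policy
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def attachment_names(msg):
    """Filenames of attached parts: all an attachment-only filter inspects."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def body_urls(msg):
    """URLs found in the text parts of the message body."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            urls += [u.rstrip(".,)") for u in URL_RE.findall(text)]
    return urls

def assess(raw):
    """Return (kind, value) findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = [("attachment", n) for n in attachment_names(msg)
                if n.lower().endswith(RISKY_EXT)]
    for url in body_urls(msg):
        parts = urlsplit(url)
        if (parts.hostname or "").lower() in BLOCKED_HOSTS:
            findings.append(("blocked-url", url))
        elif parts.path.lower().endswith(RISKY_EXT):
            findings.append(("executable-link", url))
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The second finding type covers links to executable content on hosts that are not yet on the blocking list, which is the window between a new mailing and the URL being submitted.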