We came across a website that looks like a legitimate Microsoft site but hosts a Trojan. The links and images are mirrored from the original Microsoft page, except for the “download” button.
![](http://extracare.trendmicro-europe.com/tm/core/global/images/diary/4aa1b25245630270fa763e625e95a149_ms.jpg)
The “download” button points to an executable file, explorer-fix-3435.exe, which is a Trojan. The service team is currently processing the file. Do hold on for updates.
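The pattern described above (a page whose links and images point at the real vendor while a single link serves an executable from somewhere else) can be checked mechanically. The following is an added example, not part of the original post: the page URL, the HTML and the microsoft.com paths are constructed sample data, and the function names are hypothetical; only the file name comes from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".bat", ".msi")

# Constructed sample: a lookalike page on a placeholder host that borrows
# brand resources but serves its own executable from the download button.
SAMPLE_PAGE_URL = "http://ms-update.example/security/"
SAMPLE_HTML = """<html><body>
<img src="http://www.microsoft.com/library/logo.gif">
<a href="http://www.microsoft.com/security/">Security Home</a>
<a href="http://support.microsoft.com/">Support</a>
<a href="explorer-fix-3435.exe"><img src="http://www.microsoft.com/library/download.gif"></a>
</body></html>"""


class LinkCollector(HTMLParser):
    """Collect every href/src target found in the page."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.targets.append(value)


def host_is_trusted(host, trusted_domains):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def odd_executable_links(html, page_url, trusted_domains):
    """Return executable links served outside the brand's domains on a page
    that otherwise references that brand's resources."""
    parser = LinkCollector()
    parser.feed(html)
    # Resolve relative targets against the page URL, as a browser would.
    absolute = [urljoin(page_url, t) for t in parser.targets]
    brand_refs = sum(host_is_trusted(urlparse(u).hostname, trusted_domains)
                     for u in absolute)
    flagged = [u for u in absolute
               if urlparse(u).path.lower().endswith(EXECUTABLE_EXTS)
               and not host_is_trusted(urlparse(u).hostname, trusted_domains)]
    # Pages with no brand references at all are out of scope for this check.
    return flagged if brand_refs else []
```

The suffix match in `host_is_trusted` requires a leading dot, so a host such as `microsoft.com.evil.example` is not treated as the vendor.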
Update (JoneZ, 11 November 2005 16:51:05)
The file is to be detected as BDKR_SPYDOOR.A.
Below are some strings found in one of the files that this malware drops:
“We are the master of desaster!
Rennemy Crew, Australia”