is dropped in the system by Trojan:Win32/VB.IQ.dr. It also drops a copy of itself as %windir%\bravo.exe.
As of this writing, exploits for the Pointer Reference Memory Corruption Vulnerability in Internet Explorer are known to drop this trojan on vulnerable systems. Microsoft released Security Bulletin MS08-078 on December 17, 2008, which fixes this vulnerability. Microsoft recommends that users apply this update immediately. Users are advised to refer to Microsoft Security Bulletin MS08-078 for more information.
Downloads Arbitrary Files
Trojan:Win32/VB.IQ may contact the following web servers to download additional malware components:
Drops Other Malware
Trojan:Win32/VB.IQ may drop and execute the following file:
Analysis by Jireh Sanico
The following system changes may indicate the presence of this malware:
The presence of the following registry modifications:
"civic" = "%windir%\kimo.exe"
"ppsap" = "%windir%\bravo.exe"
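A check for the two registry values listed above, run over a registry export; this is an added example, not part of the original analysis. The page does not name the registry key, so the scan matches on value name and data under any key, and the sample export, its key paths and the function names are constructed for illustration.

```python
import re

# Indicators from the page: registry value name -> file name under %windir%.
INDICATORS = {"civic": "kimo.exe", "ppsap": "bravo.exe"}

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumption: %windir% is stored unexpanded or as <drive>:\Windows or <drive>:\WINNT.
WINDIR_RE = re.compile(r'^(?:%windir%|%systemroot%|[a-z]:\\(?:windows|winnt))\\', re.I)


def unescape(s):
    """Undo .reg string escaping: a backslash followed by any character."""
    return re.sub(r'\\(.)', r'\1', s)


def scan_reg_export(text):
    """Return (key, value_name, data) for each REG_SZ value matching an indicator."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m:
            continue  # header, blank line, or non-string value type
        name = unescape(m.group(1)).lower()  # value names are case-insensitive
        data = unescape(m.group(2))
        expected = INDICATORS.get(name)
        prefix = WINDIR_RE.match(data)
        if expected and prefix and data[prefix.end():].lower() == expected:
            hits.append((key, name, data))
    return hits


# Constructed sample export; the key paths are placeholders, not from the page.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\ConstructedKey]
"civic"="C:\\WINDOWS\\kimo.exe"
"PPSAP"="%windir%\\bravo.exe"
"updater"="C:\\Program Files\\Example\\update.exe"

[HKEY_CURRENT_USER\Software\Example\Other]
"civic"="C:\\Tools\\kimo.exe"
'''
```

`reg export` writes UTF-16 text, so decode the file before passing it to `scan_reg_export`; values exported as `hex(2):` (REG_EXPAND_SZ) are skipped.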