
TrojanDownloader:Win32/Karagany.I


TrojanDownloader:Win32/Karagany.I is a malware installer ("loader"). It works as part of multi-component malware and may arrive as a result of drive-by download attacks.



What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Threat behavior

Installation

TrojanDownloader:Win32/Karagany.I is encountered when visiting malicious or compromised webpages.

Once it has performed its payload, TrojanDownloader:Win32/Karagany.I terminates itself.

Payload

Downloads other malware
TrojanDownloader:Win32/Karagany.I connects to a remote server over HTTP (TCP port 80). The server replies with an encrypted malware binary file, which TrojanDownloader:Win32/Karagany.I then decrypts and executes. In the wild, this trojan has been observed to download and execute variants of the following malware families:

Analysis by Sergey Chernyshev
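
The payload behavior above (an encrypted binary returned in a plain HTTP reply) suggests a network-side triage heuristic: flag response bodies that are large, near-random, and not explained by a known compressed format. The sketch below is an added example, not part of the original write-up or any Microsoft tooling; the entropy threshold, minimum size, magic-byte list and sample bodies are assumptions constructed for illustration, since the write-up does not describe the cipher or the server.

```python
import hashlib
import math
from collections import Counter

# Formats that are legitimately high-entropy (compressed); assumed allow-list.
KNOWN_COMPRESSED_MAGIC = (
    b"\x1f\x8b",            # gzip
    b"PK\x03\x04",          # zip / office documents
    b"\x89PNG\r\n\x1a\n",   # png
    b"\xff\xd8\xff",        # jpeg
)

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())

def is_suspicious_body(body: bytes, min_size: int = 4096,
                       threshold: float = 7.2) -> bool:
    """Flag an HTTP response body that looks like an opaque encrypted blob."""
    if len(body) < min_size:      # entropy is unreliable on short bodies
        return False
    if body.startswith(KNOWN_COMPRESSED_MAGIC):
        return False              # high entropy explained by a known container
    return shannon_entropy(body) >= threshold

def constructed_blob(size: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample, not malware)."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(size // 32 + 1))
    return out[:size]

# Constructed sample response bodies: (description, body)
SAMPLES = [
    ("html page", b"<html><body><p>hello world</p></body></html>\n" * 200),
    ("opaque blob", constructed_blob(8192)),
    ("png image", b"\x89PNG\r\n\x1a\n" + constructed_blob(8192)),
    ("short blob", constructed_blob(512)),
]

def triage(samples=SAMPLES):
    """Return the descriptions of bodies worth a closer look."""
    return [name for name, body in samples if is_suspicious_body(body)]

if __name__ == "__main__":
    print(triage())
```

A hit is only a lead for further inspection: an unencrypted executable or a compressed archive would not trip this check and needs other controls.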


Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

Prevention


Alert level: Severe
First detected by definition: 1.117.2695.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Jan 11, 2012
This entry was first published on: Jan 11, 2012
This entry was updated on: Mar 16, 2012

This threat is also detected as:
  • Trojan/Win32.Jorik (AhnLab)
  • TR/Karagany.lnbh (Avira)
  • Win32/TrojanDownloader.Vespula.AF (ESET)
  • Trojan.Win32.Menti.lbbw (Kaspersky)
  • Mal/Miio-B (Sophos)