We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
TrojanDownloader:Win32/Jowspry.D
Detected by Microsoft Defender Antivirus
Aliases: Win32/Jowspry!generic (CA)
Summary
TrojanDownloader:Win32/Jowspry is a malicious application that uses the Background Intelligent Transfer Service (BITS) to download programs from the Internet, possibly using HTTP or FTP URLs to obtain the files. After the file(s) are downloaded to the compromised computer, they are executed.
The use of BITS could allow TrojanDownloader:Win32/Jowspry to bypass some permission-based firewalls in order to install additional malware. This bypass relies on TrojanDownloader:Win32/Jowspry already being present on the system; it is not an attack vector for initial infection.
TrojanDownloader:Win32/Jowspry may try to masquerade as a non-executable file by using file icons associated with applications such as including Adobe Acrobat (PDF), Microsoft Word document files (.doc), or image icons.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.
Follow us
