Downloader.Swif.C is a Trojan that can download additional threats and execute them on the infected computer. It takes advantage of the Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability to run code without the user's intervention. Once the Trojan loads, it may carry out harmful tasks on the compromised PC. The Trojan can also redirect the Internet browser to a web site where a malicious SWF file is located.
Alias: Trojan-Downloader.SWF.Small.ag, Troj/SWFdlr-Gen, SWF_DLOADER.ZTS, SWF_DLOADER.YVN, SWF_DLOADER.YVM
Damage Level: Low
Systems Affected: Windows 9x, 2000, XP, Windows Vista
When the Trojan executes, it opens an instance of Flash Player simultaneously with Internet Explorer and redirects victims to a malicious web address. This may lead to exploitation of the Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability, which causes the affected system to download additional threats from a predefined location.
The downloaded threat is saved in the Windows Temporary folder as ORZ.EXE, identified as a Trojan Horse.
Downloader.Swif.C may arrive on a computer as a file downloaded from a remote site and disguised as a useful application. A specially designed .SWF file checks the Flash Player version installed on the target computer. It accesses various web addresses depending on the detected Flash Player version. If it detects that the system has version 184.108.40.206, it tries to visit the following address:
Both URLs displayed above are not available as of this writing.