Updated: February 13, 2007 11:33:36 AM
Type: Spyware
Risk Impact: High
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Spyware.Dlder was installed in the test lab, it displayed several characteristics that are similar to those of backdoor Trojan Horses.
When the installer of Spyware.Dlder is executed, it does the following.
- Does not display information on the screen.
- Creates several files and registry keys on the system.
- Attempts to download an additional file.
The main file of this Spyware component is Dlder.exe, which was inserted as a hidden file in the \Windows folder.
When the installer executes this spyware, it attempts to contact the site www.2001-007.com and download a file named Explorer.exe to a hidden folder in the \Windows folder, named "Explorer" (not to be confused with the Microsoft file, Explorer.exe, in the Windows folder). It is this downloaded Explorer.exe that contains the main functionality of this spyware application.
When this spyware component runs, it constantly submits Internet usage statistics to a server. This information includes the GUID, IP address, and the Web sites that have been visited since the last usage submission by Spyware.Dlder.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
