
Trojan.Mdropper

Risk Level 1: Very Low

  • Discovered: March 19, 2005
  • Updated: March 19, 2005 10:54:06 AM
  • Type: Trojan
  • Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Trojan.Mdropper is a detection name used by Symantec to identify malicious software programs that exploit Microsoft Word or Excel vulnerabilities to drop other malware onto the compromised computer.

A Trojan.Mdropper is a type of Trojan whose purpose is to deliver an enclosed payload onto a destination host computer. A dropper is a means to an end rather than the end itself. In other words, the dropper is usually used at the start or in the early stages of a malware attack.

Once this threat is executed, its own code simply loads itself into memory, then extracts the malware payload and writes it to the file system. It may perform any installation procedures and execute the newly dropped malware. The dropper usually ceases to execute at this point, as its primary function has been accomplished.

This type of threat is used by malware creators to disguise their malware. They create confusion amongst users by making the malicious files look like legitimate Microsoft Word or Excel files. These threats may also perform actions that mislead the user into thinking that nothing untoward is happening on the computer when in fact the Trojan may have already dropped and executed other malicious software.

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected against it and the Symantec product will effectively remove it from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version March 19, 2005
  • Latest Rapid Release version June 24, 2014 revision 006
  • Initial Daily Certified version March 19, 2005 revision 007
  • Latest Daily Certified version November 6, 2013 revision 025
  • Initial Weekly Certified release date March 23, 2005

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Exploits Microsoft Word or Excel to drop malware onto the compromised computer.

Distribution

  • Distribution Level: Low
Writeup By: Jarrad Shearer and Hon Lau
