The Trojan may arrive as a PDF or Word icon.
When the Trojan is executed, it creates the following file:
The Trojan executes using the following command line:
"rundll32.exe Shell32.dll,Control_RunDLL %TEMP%\strFileDestVar1.cpl"
The Trojan then attempts to download and execute files from the following remote sites:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":