Downloader.Botten

Discovered: February 23, 2004
Updated: February 24, 2004 10:02:18 PM
Systems Affected: Windows

Downloader.Botten is a Trojan horse that uses a vulnerability in Microsoft Internet Explorer to download and execute arbitrary code on the system.

Downloader.Botten is a downloader Trojan that downloads an executable. When executed, it creates a mutex named "BotNetd", which ensures that only one copy of the Trojan is running on the system.

It will then connect to either http://66.98.190.39/ or http://sonyasys.com/ and attempt to download a file.

It will then save the file on the local system as one of the following:
%Windir%\Notepad.exe
%System%\Notepad.exe
%Temp%\<random file name>.tmp

It will then create the following registry value so that the file is executed every time Windows is started:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\qbotd = <filename of Trojan>
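The host indicators described above can be checked with a short triage script. This is an added example, not part of the original write-up: the WOW6432Node path (where 64-bit Windows redirects 32-bit processes) and the signature check on the two Notepad.exe locations are assumptions added for coverage, and a hit is a lead to verify rather than a verdict.

```powershell
# Indicators taken from the write-up: mutex "BotNetd", Run value "qbotd",
# and payload copies saved as Notepad.exe under %Windir% and %System%.
$mutexName = 'BotNetd'
$runValue  = 'qbotd'
$runKeys   = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    # Assumption: a 32-bit process on 64-bit Windows is redirected to this view.
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$findings = @()

# 1. Persistence: report the Run value and the file it points to.
foreach ($key in $runKeys) {
    $prop = Get-ItemProperty -Path $key -Name $runValue -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{ Check = 'RunValue'; Location = $key; Detail = $prop.$runValue }
    }
}

# 2. Mutex: OpenExisting throws if no mutex with this name exists.
# An unprefixed name is session-local, so run this in the logged-on user's session.
try {
    $m = [System.Threading.Mutex]::OpenExisting($mutexName)
    $m.Close()
    $findings += [pscustomobject]@{ Check = 'Mutex'; Location = $mutexName; Detail = 'present' }
} catch [System.Threading.WaitHandleCannotBeOpenedException] {
    # No such mutex: nothing to report.
} catch [System.UnauthorizedAccessException] {
    $findings += [pscustomobject]@{ Check = 'Mutex'; Location = $mutexName; Detail = 'present (access denied)' }
}

# 3. Dropped file: Notepad.exe is a legitimate name, so look at the signature
# instead of mere presence. Where catalog signatures are not evaluated, the
# genuine file can also report NotSigned.
$paths = @(
    (Join-Path $env:windir 'Notepad.exe'),
    (Join-Path ([Environment]::SystemDirectory) 'Notepad.exe')
)
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            $findings += [pscustomobject]@{ Check = 'FileSignature'; Location = $path; Detail = [string]$sig.Status }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No Downloader.Botten indicators found by these checks.' }
```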