Discovered: February 23, 2004
Updated: February 24, 2004 10:02:18 PM
Systems Affected: Windows
Downloader.Botten is a Trojan horse that uses a vulnerability in Microsoft Internet Explorer to download and execute arbitrary code on the system.
Downloader.Botten is a downloader Trojan that downloads an executable. When executed, it creates a mutex named "BotNetd" to ensure that only one copy of the Trojan runs on the system.
It will then connect to either http://220.127.116.11/ or http://sonyasys.com/ and attempt to download a file.
It will then save the file on the local system as one of the following:
%Temp%\<random file name>.tmp
It will then create the following registry key to ensure that the file is executed every time Windows is started:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\qbotd = <filename of Trojan>
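A triage check for the persistence entry described above, as an added example that is not part of the original write-up: it scans saved `reg query` output for the HKLM Run key and reports the `qbotd` value. The function name, the sample data, and the extra heuristic that flags autoruns pointing at a `.tmp` file in a Temp folder are assumptions made for illustration.

```python
import re

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
IOC_VALUE_NAME = "qbotd"  # Run value name given in the write-up

# Assumption (not stated in the write-up): the autorun may point at the dropped
# %Temp%\<random file name>.tmp file, so such targets are flagged as a heuristic.
TMP_IN_TEMP = re.compile(r'(?:%temp%|\\temp)\\[^\\"]+\.tmp\b', re.IGNORECASE)


def scan_run_key(reg_query_output):
    """Return (value_name, data, reason) findings for the HKLM Run key only."""
    findings = []
    in_run_key = False
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            # A key header line; values that follow belong to this key.
            in_run_key = line.strip().lower() == RUN_KEY
            continue
        match = VALUE_LINE.match(line)
        if not (in_run_key and match):
            continue
        name, data = match["name"], match["data"].strip()
        if name.lower() == IOC_VALUE_NAME:  # registry value names are case-insensitive
            findings.append((name, data, "value name matches Downloader.Botten"))
        elif TMP_IN_TEMP.search(data):
            findings.append((name, data, "heuristic: autorun targets a .tmp file in Temp"))
    return findings


# Constructed sample output, not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    QBotd    REG_SZ    C:\WINDOWS\system32\example.exe
    Updater Helper    REG_SZ    "C:\Documents and Settings\user\Local Settings\Temp\a1b2.tmp"
"""

if __name__ == "__main__":
    for name, data, reason in scan_run_key(SAMPLE):
        print(f"{name}: {data} ({reason})")
```

The input can be produced on a host with `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and saved to a file for offline review.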