Downloader.Botten

Discovered: 23 February 2004
Updated: 24 February 2004
Systems Affected: Windows

Downloader.Botten is a Trojan horse that uses a vulnerability in Microsoft Internet Explorer to download and execute arbitrary code on the system.

Downloader.Botten is a downloader Trojan that downloads an executable. When executed, it creates a mutex named "BotNetd" to ensure that only one copy of the Trojan is running on the system.

It will then connect to either http://66.98.190.39/ or http://sonyasys.com/ and attempt to download a file.

It will then save the file on the local system as one of the following:
%Windir%\Notepad.exe
%System%\Notepad.exe
%Temp%\<random file name>.tmp

It will then create the following registry key to ensure that the file is executed every time Windows is started:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\qbotd = <filename of Trojan>
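
The following PowerShell check for the indicators described above is an added example, not part of the original write-up. It looks for the qbotd Run value and the "BotNetd" mutex on a live host; the Global\ mutex variant and the signature check on the Run target are assumptions added for illustration.

```powershell
# Added example: check a live Windows host for the Downloader.Botten
# indicators named in the write-up (Run value "qbotd", mutex "BotNetd").
$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runName = 'qbotd'
# The write-up names only "BotNetd"; the Global\ form is an assumption
# so that a mutex created in another session is also checked.
$mutexNames = 'BotNetd', 'Global\BotNetd'
$findings = @()

# 1. Persistence: the qbotd value under the HKLM Run key.
$run = Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) {
    $target = [string]$run.$runName
    $findings += "Run value '$runName' present -> $target"

    # Notepad.exe in %Windir% or %System% is a normal Windows file, so its
    # presence alone means nothing. Report the signature status of whatever
    # the Run value points to instead (assumes the data is a bare path).
    $path = [Environment]::ExpandEnvironmentVariables($target.Trim('"'))
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $findings += "Run target signature status: $($sig.Status)"
    } else {
        $findings += "Run target not found on disk: $path"
    }
}

# 2. Running instance: the single-instance mutex.
foreach ($name in $mutexNames) {
    $handle = $null
    try {
        if ([System.Threading.Mutex]::TryOpenExisting($name, [ref]$handle)) {
            $findings += "Mutex '$name' exists (a copy may be running)"
            $handle.Dispose()
        }
    } catch [System.UnauthorizedAccessException] {
        # The mutex exists but this account is not allowed to open it.
        $findings += "Mutex '$name' exists but access was denied"
    }
}

if ($findings.Count -eq 0) {
    'No Downloader.Botten indicators found on this host.'
} else {
    $findings
}
```

Run it from an elevated prompt, in the session of the user under investigation, because a mutex created without the Global\ prefix is visible only within its own session.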