Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.



23 February 2004
24 February 2004
Systems Affected:
Downloader.Botten is a Trojan horse that uses a vulnerability in Microsoft Internet Explorer to download and execute arbitrary code on the system.
Downloader.Botten is a downloader trojan that that downloads an executable. When executed it will create a mutex titled "BotNetd" ensuring that only one copy of the Trojan is running on the system.

It will then connect to either or and attempt to download a file.

It will then save the file on the local system as one of the following:
%Temp%\<random file name>.tmp

It will then create the following registry key to ensure that the file is executed every time Windows is started:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\qbotd = <filename of Trojan>