TROJ_PATCH.CD attempts to replace the IE executable files

Jan 11, 2008 09:03 GMT

Microsoft's Internet Explorer is once again a favorite target of virus writers: another Trojan horse has been spotted in the wild by security vendor Trend Micro. TROJ_PATCH.CD has a high damage potential and may seriously harm the Windows 98, ME, NT, 2000, XP and Server 2003 platforms. The infection process is quite clever, and the next few paragraphs explain why. Before getting into the Trojan's behavior, note that TROJ_PATCH.CD targets iexplore.exe, the executable of the web browser bundled with Windows. This way, the Trojan writer makes sure the infection is started every time an affected user attempts to browse the web.

First, the Trojan deletes the "%Systemdir%\dllcache\iexplore.exe" file (the Windows File Protection cache copy of the browser) and renames its own executable to "iexplore.exe". According to the security company, the Trojan files can be found in "%User_Temp%ore.exe".

"It creates a backup original copy of the file %ProgramFiles%\Internet Explorer\iexplore.exe and saves it as %User_Temp%\~0re.tmp", Trend Micro explained. "Afterwards, it replaces the original file %ProgramFiles%\Internet Explorer\iexplore.exe with the malware copied file %Systemdir%\dllcache\iexplore.exe."

This way, the Trojan writer makes sure that every time the computer user opens the Microsoft browser to surf the web, the infection is started as well. Moreover, the Trojan creates no new registry entries and places nothing in the Startup folder, which helps it avoid detection by security applications that watch the usual persistence locations on an affected computer.
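The behavior described above gives a defender three concrete things to check: whether the Program Files copy of iexplore.exe still matches a known-good hash, whether the dllcache copy is missing or replaced, and whether the ~0re.tmp backup of the original browser sits in the user's temp directory. The following script is an added example and is not code from Trend Micro or from the article; it builds a miniature directory tree mirroring the paths in the write-up (with constructed stand-in file contents and a constructed known-good hash) and runs the check against a clean and an infected layout. On a real system the known-good hash would come from a clean reference machine, and the check should be complemented by verifying the file's Authenticode signature.

```python
"""Added example (not Trend Micro's or the article's code): an integrity check
for the files TROJ_PATCH.CD is reported to touch. The paths follow the write-up;
the known-good hash and all sample file contents are constructed here."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

BACKUP_NAME = "~0re.tmp"  # name of the original-browser backup reported by Trend Micro
# Constructed stand-in bytes; on a real system the baseline hash comes from a clean reference machine.
GENUINE_STAND_IN = b"constructed stand-in for the genuine iexplore.exe"
TROJAN_STAND_IN = b"constructed stand-in for the Trojan body"
KNOWN_GOOD_SHA256 = hashlib.sha256(GENUINE_STAND_IN).hexdigest()


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_ie_integrity(program_files_ie: Path, dllcache_ie: Path,
                       user_temp: Path, known_good_sha256: str) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings: list[str] = []
    if not program_files_ie.exists():
        findings.append("Program Files iexplore.exe is missing")
    elif sha256_of(program_files_ie) != known_good_sha256:
        findings.append("Program Files iexplore.exe does not match the known-good hash")
    # The Trojan deletes the WFP cache copy and then plants its own body there, so
    # both copies must be compared against a baseline, not merely against each other.
    if not dllcache_ie.exists():
        findings.append("dllcache copy of iexplore.exe is missing")
    elif sha256_of(dllcache_ie) != known_good_sha256:
        findings.append("dllcache iexplore.exe does not match the known-good hash")
    if (user_temp / BACKUP_NAME).exists():
        findings.append(f"{BACKUP_NAME} backup of the original browser found in user temp")
    return findings


def build_lab(root: Path, infected: bool) -> tuple[Path, Path, Path]:
    """Construct a miniature directory tree mirroring the paths named in the write-up."""
    program_files_ie = root / "Program Files" / "Internet Explorer" / "iexplore.exe"
    dllcache_ie = root / "system32" / "dllcache" / "iexplore.exe"
    user_temp = root / "Temp"
    for directory in (program_files_ie.parent, dllcache_ie.parent, user_temp):
        directory.mkdir(parents=True, exist_ok=True)
    if infected:
        # Mirror the reported sequence: back up the original, then overwrite both copies.
        (user_temp / BACKUP_NAME).write_bytes(GENUINE_STAND_IN)
        dllcache_ie.write_bytes(TROJAN_STAND_IN)
        program_files_ie.write_bytes(TROJAN_STAND_IN)
    else:
        program_files_ie.write_bytes(GENUINE_STAND_IN)
        dllcache_ie.write_bytes(GENUINE_STAND_IN)
    return program_files_ie, dllcache_ie, user_temp


def run_demo() -> dict[str, list[str]]:
    """Run the check against a clean and an infected constructed layout."""
    results: dict[str, list[str]] = {}
    for label, infected in (("clean", False), ("infected", True)):
        with tempfile.TemporaryDirectory() as tmp:
            pf_ie, dc_ie, user_temp = build_lab(Path(tmp), infected)
            results[label] = check_ie_integrity(pf_ie, dc_ie, user_temp, KNOWN_GOOD_SHA256)
    return results


if __name__ == "__main__":
    for label, findings in run_demo().items():
        print(f"{label}: {findings or 'no findings'}")
```

The infected layout produces three findings, and none of them depends on a registry or Startup folder entry, which is exactly why a file-integrity baseline matters for a Trojan that leaves those locations untouched.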

And today's piece of advice: avoid visiting malicious websites that may attempt to deploy the infection, and don't forget to install the latest virus definitions so that your antivirus is able to detect the Trojan. You should also apply the latest Windows patches, because virus writers are always looking to exploit vulnerabilities, critical or not, found on a targeted computer.