My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

Doctor Web warns users about dangerous downloader Trojan

November 14, 2012

Russian anti-virus company Doctor Web is informing users about a new Trojan downloader dubbed Trojan.DownLoader7.21125. In terms of architecture, this malware is not complex or in any way remarkable, but it is dangerous due to its wide distribution and ability to download other Trojans onto an infected computer.

Trojan.DownLoader7.21125 is a primitive program whose body contains an unencrypted site URL used to redirect users to another website from which Trojan.DownLoader7.21125 receives a list of addresses for the subsequent downloading of malicious applications. When trying to connect to a control server via HTTP, a web page appears in the browser window and prompts the user to enter their login and password.


Currently Trojan.DownLoader7.21125 downloads and installs onto the infected computer a bitcoin mining program, repacked copies of itself, as well as the following malware:

  • BackDoor.Andromeda.22, a widespread Trojan downloader that also can download other malware and install it on the infected computer.
  • Trojan.Rodricter.21, a multi-component rootkit whose dropper is equipped with anti-debugging features. It exploits OS vulnerabilities to elevate its privileges. It also disables UAC both in 32- and 64-bit versions of Windows. It changes Mozilla Firefox and Internet Explorer settings. The main function of its core module is to intercept traffic on the infected PC.
  • Trojan.PWS.Multi.879, a malicious program that can steal passwords stored by a number of popular applications, including ICQ, Yahoo! Messenger, FTP Commander, Paltalk, AIM, Google Talk, MSN Messenger, Miranda and Trillian.
  • BackDoor.HostBooter.3, a program designed to perform DDoS attacks, as well as download and run files upon a corresponding command from a control server.

All these threats are detected by Dr.Web anti-viruses. Trojan.DownLoader7.21125 can be downloaded to a PC by other malicious applications or get into a system another way including by exploiting browser vulnerabilities. The main danger lies in the program's ability to quickly turn the infected system into a congregation of many other malicious programs. Doctor Web recommends that users keep the virus definitions of their anti-virus programs up to date to maintain reliable system security.

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments