Authentium, Inc
 
 
W32/Downloader.gen
 

Warning:

This is a generic description for the Downloader family of viruses and should be treated as such. Specific details for each variant, such as the filenames used for dropped files or the registry key entries, may vary.

Aliases: NA

Virus Type: General virus downloader application

Description: Program that downloads other malicious software to an infected machine

Filename: Various

Filesize: Various

Infection: Downloaders are primarily applications that download and execute other malicious software. Downloaders may also download multiple files to the infected host.

Downloaders may spread using any of a number of methods, for example email attachments, network shares, etc.

Downloaders will usually use Hypertext Transfer Protocol (HTTP) to download additional software, but the TCP port can vary. Some Downloaders may also use other protocols to download malicious software.

Downloaders may add themselves to registry keys on the infected host so that the Downloader is run as a system service and/or is started every time the system is started. For example:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Some Downloaders may delete themselves once the malicious software is downloaded.
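To review the two keys named above on a host, the following PowerShell lists every autostart value and checks its target file. It is an added example, not Authentium's tooling; the helper name `Get-AutorunTarget` is hypothetical, and treating a missing target as a possible trace of a self-deleted Downloader is an assumption of this example, not a confirmed indicator.

```powershell
# Added example: audit the autostart keys named in this description.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)

# Hypothetical helper: pull the executable path out of an autostart command line.
function Get-AutorunTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }            # "C:\path with spaces\a.exe" /arg
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|,|$)') {   # C:\path\a.exe /arg
        return $Matches[1]
    }
    return ($expanded -split '\s+')[0]                                    # fallback: first token
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # the key may not exist on this system
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-AutorunTarget -Command $command
        $exists  = $null      # $null = not checked (bare file name resolved via PATH at logon)
        $signed  = 'n/a'
        if ([IO.Path]::IsPathRooted($target)) {
            $exists = Test-Path -LiteralPath $target -PathType Leaf
            if ($exists) {
                $signed = (Get-AuthenticodeSignature -LiteralPath $target).Status
            }
        }
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Command      = $command
            Target       = $target
            TargetExists = $exists
            Signature    = $signed
        }
    }
}

# Entries whose target is missing or not validly signed sort first for review.
$report |
    Sort-Object @{ Expression = { $_.TargetExists -eq $true -and $_.Signature -eq 'Valid' } } |
    Format-Table -AutoSize -Wrap
```

Entries with `TargetExists` set to `False`, or with a signature status other than `Valid`, are the ones to examine first; legitimate software also produces both results, so each entry still needs to be checked by hand.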
