Downloader.MDW allows hackers to get into and carry out dangerous actions in affected computers, such as capturing screenshots, stealing personal data, etc.
It uses the following techniques to impede detection by antivirus companies:
- It terminates its own execution if it detects that it is being executed in a virtual machine environment, such as VMWare or VirtualPC.
It causes a loss of productivity in the local network to which the compromised computer belongs:
- It generates a large amount of network activity and consumes bandwidth.
It reduces the security level of the computer:
- It notifies the attacker that the computer has been compromised and is ready to be used maliciously.
- It changes system permissions, decreasing the security level.
Means of transmission
Propagation through the exploits of remote vulnerabilities:
Downloader.MDW carries out the following process:
- It spreads by attacking IP addresses obtained at random or from the network to which the infected computer belongs.
- It tries to access the IP addresses under attack by exploiting an existing vulnerability or through an open port.
- If it does this, it downloads a copy of itself onto the vulnerable computer.
Distribution through other examples of malware:
Downloader.MDW does not spread automatically using its own means. It is dropped on computers by other malware: Autorun.F, Multidropper.RGX, Multidropper.RHQ, Multidropper.RHR, Multidropper.RHS, Multidropper.RHT, Multidropper.RHU, Dropper.YB, Dropper.YL, Multidropper.RJU, Multidropper.RJV, Multidropper.RMO, Multidropper.RNB, Multidropper.RNO, Rustock.G, Hupigon.LDN, Delf.AJF.
Downloader.MDW has the following additional characteristics: