Downloader.JTI is a worm that spreads by copying itself, without infecting other files.
It captures certain information entered or saved by the user, with the corresponding threat to privacy:
- In the local network:
it generates a large amount of network activity and consumes bandwidth.
Downloader.JTI accesses several websites to download files, which it then runs. These can be any type of file, although they are normally malware.
It uses several methods in order to avoid detection by antivirus companies:
- Its code is encrypted and it is only decrypted when it is going to run. Because of this, its code is not legible through a memory dump.
Downloader.JTI does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.