Clicktilluwin DLDER Trojan

[<jon () kirkbrideonline com>]

In-Reply-To: <20011230032402.5229.qmail () mail securityfocus com>

I found this vulnerability in the latest Limewire 2.0.2 
gnutella client download. This crap gets installed 
whether you like it or not. On my WinXP machine, it 
was running a new service called bargains.exe that 
was located in c:\program files\bargain buddy. The 
dlder.exe file resides in C:\windows. I deleted the files 
before I looked at their content but there appeard to 
be some DB type files in the folder. Norton's latests 
pattern files (12/29) will detect the dlder.exe file but 
there's no info on their website about it yet. Anyone 
have a handle on what this thing is doing?