7/9: Bkdr_Fonamebot.A Backdoor Drops Copy of Itself
Bkdr_Fonamebot.A is a backdoor that drops a copy of itself as WMIPRVSE.EXE in the root folder of the system.
It performs its backdoor routine by sending a domain name query to a malicious DNS server. It randomly chooses the domain name from a list, so that the traffic it generates does not look suspicious.
When the malicious DNS server receives this query, it replies with a command to perform an arbitrary action on the affected machine, thus compromising system security.
Technical details can be found at this Trend Micro page.
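Because the queried names are chosen to look ordinary, the more useful signals are the process image path and the resolver the query is sent to. The following triage sketch is an added example, not code from Trend Micro or the original page. The event field names, the approved resolver list and all sample events are constructed assumptions; the legitimate WmiPrvSE.exe locations are the standard Windows `wbem` directories.

```python
import ntpath

# Legitimate WMI Provider Host locations on Windows (lower-cased for comparison).
LEGIT_DIRS = {
    r"c:\windows\system32\wbem",
    r"c:\windows\syswow64\wbem",
}
# Assumption: resolvers the organization has approved for client DNS.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed sample telemetry (field names and values are illustrative only).
PROCESS_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
    {"host": "ws-02", "image": r"C:\WMIPRVSE.EXE"},
    {"host": "ws-03", "image": r"C:\Windows\explorer.exe"},
]
DNS_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\svchost.exe",
     "server": "10.0.0.53", "qname": "example.com"},
    {"host": "ws-02", "image": r"C:\WMIPRVSE.EXE",
     "server": "203.0.113.7", "qname": "example.org"},
    {"host": "ws-03", "image": r"C:\Windows\System32\svchost.exe",
     "server": "198.51.100.9", "qname": "example.net"},
]

def is_masquerading_wmiprvse(image_path):
    """True when the file is named wmiprvse.exe but sits outside the wbem directories."""
    directory, name = ntpath.split(image_path.lower())
    return name == "wmiprvse.exe" and directory.rstrip("\\") not in LEGIT_DIRS

def triage(process_events, dns_events):
    """Return {host: sorted list of findings} for hosts with at least one finding."""
    findings = {}
    for ev in process_events:
        if is_masquerading_wmiprvse(ev["image"]):
            findings.setdefault(ev["host"], set()).add("wmiprvse_outside_wbem")
    for ev in dns_events:
        if ev["server"] not in APPROVED_RESOLVERS:
            tag = "unapproved_resolver"
            # Strongest signal: the misplaced binary itself talks to the odd resolver.
            if is_masquerading_wmiprvse(ev["image"]):
                tag = "masquerading_process_dns_to_unapproved_resolver"
            findings.setdefault(ev["host"], set()).add(tag)
    return {host: sorted(tags) for host, tags in findings.items()}

if __name__ == "__main__":
    for host, tags in sorted(triage(PROCESS_EVENTS, DNS_EVENTS).items()):
        print(host, tags)
```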