July 05, 2009

12/1: TDSS-F Trojan Copies Itself, Creates Files

Troj/TDSS-F is a Trojan for the Windows platform.

Troj/TDSS-F includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, Troj/TDSS-F copies itself to (Temp)\TDSS245b.tmp and creates the following files:

System\TDSSoeqh.dll
System\drivers\TDSSmqxt.sys

The file TDSSoeqh.dll is detected as Mal/TDSS-A and the file tdss2361.tmp is detected as Troj/AdvHack-A.

More information can be found at this Sophos page.
