The Trojan starts a new process with the same name as its filename. It injects an executable into the process memory and then drops it into a system file called netmon.exe. It creates registry keys to ensure that the dropped executable file is started on each boot. The fix for these vulnerabilities was released on 14th Nov. 2007, but attackers still exploit these flaws to spread malware without the user's consent. The exploit downloads executable files from URLs like http://[removed]de.com/bf.css and http://.p.cn:6135/qwer/BF.css.
Source: https://www.bitdefender.com/blog/hotforsecurity/bitdefender-weekly-review-remember-sina-dloader/

