Microsoft Malware Protection Center has found a trojan downloader that does not have any suspicious routines in its initial state. Once it has been started, the small Visual Basic program loads a web page for a Tibetan restaurant. The HTML for this site hides shell code that the program then downloads into RAM and executes. Once the malicious code has been successfully run it copies itself into a system folder and from there begins to keylog. A modern virus scanner’s behaviour monitoring system should be alerted at this point.”]