Threat Description

Exploit:​JS/Comele.A

Details

Aliases:Exploit.JS.Agent.awb, Exploit.Comele.A
Category:Malware
Type:Exploit
Platform:JS

Summary



A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



The detection Exploit:JS/Comele.A identifies a malicious website/HTML document, and attempts to exploit a known vulnerability in order to download and run a malicious executable file on the system.

The vulnerability targeted for the exploit is related to CVE-2010-0249.

Payload

If the exploit is successfully executed, it will attempt to download malicious file from http://demo1[..]/[..].jpg and save it under %appdata%\a.exe.

The downloaded malicious binary will be executed and drop another malicious file that is detected as Trojan:W32/Agent.KOG.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More