1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Virus Descriptions
  6. Trojan-Downloader:JS/Agent.CKL

Trojan-Downloader:JS/Agent.CKL

Name : Trojan-Downloader:JS/Agent.CKL
Detection Names : Trojan-Downloader.JS.Agent.ckl
Category:Malware
Type:Trojan-Downloader
Platform:JS

Summary

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

Additional Details

Upon execution, this trojan will try to take advantage of the following vulnerabilities:

  •   Microsoft Office Snapshot Viewer ActiveX vulnerability
  •   Sina DLoader Class ActiveX Control 'DonwloadAndInstall' Method Arbitrary File Download Vulnerability
  •   Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014)
  •   UUSee UUUpgrade ActiveX Control 'Update' Method Arbitrary File Download Vulnerability
  •   Ourgame 'GLIEDown2.dll' ServerList Method ActiveX Control Remote Code Execution Vulnerability
  •   RealPlayer IERPCtl.IERPCtl.1 (CVE-2007-5601)
  •   Baidu Soba Remote Code Execute Vulnerability
  •   DPClient.Vod (CVE-2007-6144)

If any of these vulnerabilities are present on the user's system, the malware will exploit it in order to download and execute files from the following sites:

  •   http://down.hs7yue.cn/[...]/a2.css - Trojan.Win32.Agent.wnu
  •   http://down.hs7yue.cn/[...]/sina.exe - Trojan.Win32.Agent.wnu
  •   http://down.hs7yue.cn/[...]/Baidu.cab - Trojan-Downloader.Win32.Agent.wps
  •   http://jzm015.cn/[...]115.swf - Exploit.SWF.Downloader.eh
  •   http://jzm015.cn/[...]115.swf - Exploit.SWF.Downloader.eh
  •   http://down.hs7yue.cn/[...]/UU.ini - unavailable

The online F-Secure Health Check can help determine whether a user's system has vulnerabilities which can be exploited, and assist in finding fixes for any vulnerabilities discovered.