|
|
|  |
|
|
|
|
F-Secure Malware Information Pages: Trojan-Downloader:JS/Agent.CKL

|
|
|
| Radar |
 |
|
|
|
Summary
|
| This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files. |
|
|
|
Additional Details
|
Upon execution, this trojan will try to take advantage of the following vulnerabilities:
- Microsoft Office Snapshot Viewer ActiveX vulnerability
- Sina DLoader Class ActiveX Control 'DonwloadAndInstall' Method Arbitrary File Download Vulnerability
- Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014)
- UUSee UUUpgrade ActiveX Control 'Update' Method Arbitrary File Download Vulnerability
- Ourgame 'GLIEDown2.dll' ServerList Method ActiveX Control Remote Code Execution Vulnerability
- RealPlayer IERPCtl.IERPCtl.1 (CVE-2007-5601)
- Baidu Soba Remote Code Execute Vulnerability
- DPClient.Vod (CVE-2007-6144)
If any of these vulnerabilities are present on the user's system, the malware will exploit it in order to download and execute files from the following sites:
- http://down.hs7yue.cn/[...]/a2.css - Trojan.Win32.Agent.wnu
- http://down.hs7yue.cn/[...]/sina.exe - Trojan.Win32.Agent.wnu
- http://down.hs7yue.cn/[...]/Baidu.cab - Trojan-Downloader.Win32.Agent.wps
- http://jzm015.cn/[...]115.swf - Exploit.SWF.Downloader.eh
- http://jzm015.cn/[...]115.swf - Exploit.SWF.Downloader.eh
- http://down.hs7yue.cn/[...]/UU.ini - unavailable
The online F-Secure Health Check can help determine whether a user's system has vulnerabilities which can be exploited, and assist in finding fixes for any vulnerabilities discovered. |
|
|
|
F-Secure Corporation |
|
|
|
|
|
Last Modified: September 05, 2008
|
|
|
|
|