F-Secure Malware Information Pages: Trojan-Downloader:JS/Agent.CKL

Name: Trojan-Downloader:JS/Agent.CKL
Detection Names: Trojan-Downloader.JS.Agent.ckl
Type: Trojan-Downloader
Category: Malware
Platform: JS

Summary
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

Additional Details
Upon execution, this trojan will try to take advantage of the following vulnerabilities:

  •   Microsoft Office Snapshot Viewer ActiveX vulnerability
  •   Sina DLoader Class ActiveX Control 'DonwloadAndInstall' Method Arbitrary File Download Vulnerability
  •   Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014)
  •   UUSee UUUpgrade ActiveX Control 'Update' Method Arbitrary File Download Vulnerability
  •   Ourgame 'GLIEDown2.dll' ServerList Method ActiveX Control Remote Code Execution Vulnerability
  •   RealPlayer IERPCtl.IERPCtl.1 (CVE-2007-5601)
  •   Baidu Soba Remote Code Execute Vulnerability
  •   DPClient.Vod (CVE-2007-6144)

If any of these vulnerabilities is present on the user's system, the malware exploits it to download and execute files from the following sites:

  •   http://down.hs7yue.cn/[...]/a2.css - Trojan.Win32.Agent.wnu
  •   http://down.hs7yue.cn/[...]/sina.exe - Trojan.Win32.Agent.wnu
  •   http://down.hs7yue.cn/[...]/Baidu.cab - Trojan-Downloader.Win32.Agent.wps
  •   http://jzm015.cn/[...]115.swf - Exploit.SWF.Downloader.eh
  •   http://jzm015.cn/[...]115.swf - Exploit.SWF.Downloader.eh
  •   http://down.hs7yue.cn/[...]/UU.ini - unavailable

The online F-Secure Health Check can help determine whether a user's system has vulnerabilities which can be exploited, and assist in finding fixes for any vulnerabilities discovered.



F-Secure Corporation

Last Modified: September 05, 2008