Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Malware Information Pages: Trojan-Downloader:JS/Agent.CTK
[Summary] | [Additional Details] | [Detection]

Name : Trojan-Downloader:JS/Agent.CTK
Detection Names : Trojan-Downloader:JS/Agent.CTK
Type:Trojan-Downloader
Category:Malware
Platform:JS
Radar

Summary
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Back to the Top

Additional Details
This trojan uses Shockwave Flash Object (SWFObject) Java Script to view the following crafted SWF content on the browser page:

  • http://jzm015.cn/[Removed]115.swf
  • http://jzm015.cn/[Removed]64.swf
  • http://jzm015.cn/[Removed]47.swf
  • http://jzm015.cn/[Removed]45.swf
  • http://jzm015.cn/[Removed]28.swf
  • http://jzm015.cn/[Removed]16.swf

All of the listed SWF files are detected as Exploit.SWF.Downloader.eh.

The purpose of the malicious flash file is to download additional malware.
Back to the Top

Detection
F-Secure Anti-Virus detects this malware with the following updates:
[FSAV_Database_Version]
Version = 2008-08-06_01.
Back to the Top



F-Secure Corporation

Last Modified: September 04, 2008