Additional Details
Trojan-Downloader:JS/Psyme.CK exploits vulnerabilities in Microsoft Data Access Components (MDAC) (MS06-014), the Baofeng Storm MPS.StormPlayer.1 ActiveX control, the PPStream PowerPlayer ActiveX control, and the Baidu Soba ActiveX control. It uses these vulnerabilities to redirect to other sites.
Psyme.CK redirects to the following URLs:
• http://9gg.biz/0614.js
• http://9gg.biz/MPS.js
• http://9gg.biz/PowerPlayerCtrl.js
A function from the Baidu Soba ActiveX control is exploited to download the following CAB file to the Windows Internet Explorer temporary directory:
It then extracts and executes the file bd.exe, which is contained within the CAB file.
Note: The URLs were offline during our investigations.