
Trojan.Exploit.JS.G

MEDIUM
MEDIUM
approx. 5 KB
(JS.Downloader.Trojan, Exploit:JS/Mult.M, JS/Downloader.Agent, JS:Agent-CG, JS/TrojanDownloader.Agent.CQD)

Symptoms

There are no obvious symptoms.

Removal instructions:

First of all, keep your software updated: the exploits described below target RealPlayer and Xunlei Thunder, so install the vendors' patched versions, or uninstall these products if you do not need them.
You can also set the "kill bit" for these CLSIDs: "2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93" and "CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA". The kill bit stops Internet Explorer from instantiating the control; Microsoft describes the procedure in Knowledge Base article 240797. Note that a kill bit does not remove or fix the vulnerable component, so patching is still required.

Please let BitDefender disinfect your files.
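The kill-bit step above, carried out from an elevated PowerShell session, as an added example that is not part of the Bitdefender entry. It sets the 0x400 bit of the "Compatibility Flags" DWORD under the Internet Explorer "ActiveX Compatibility" key for the two CLSIDs named in the removal instructions (the mechanism Microsoft documents in KB 240797), preserves any flags already present, and reports whether each control is registered on the machine and whether its kill bit is now set. The function names are this example's own.

```powershell
# Added example, not code from the Bitdefender entry.
# Kill bit = bit 0x400 of the DWORD "Compatibility Flags" under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# (see Microsoft KB 240797). Must run in an elevated session.
#Requires -RunAsAdministrator

$KillBitFlag = 0x400
$BasePath    = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

# CLSIDs taken from the removal instructions above.
$ClsIds = @(
    '{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}',
    '{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}'
)

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$ClsId)

    $key = Join-Path $BasePath $ClsId
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Keep whatever compatibility flags are already set; only OR in the kill bit.
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    $new = $current -bor $KillBitFlag
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
}

function Test-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$ClsId)

    $key   = Join-Path $BasePath $ClsId
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $KillBitFlag) -ne 0)
}

foreach ($id in $ClsIds) {
    Set-ActiveXKillBit -ClsId $id
    # HKCR\CLSID\{...} exists only if the control is registered on this machine.
    $registered = Test-Path ("Registry::HKEY_CLASSES_ROOT\CLSID\" + $id)
    $blocked    = Test-ActiveXKillBit -ClsId $id
    "{0}  registered={1}  killbit={2}" -f $id, $registered, $blocked
}
```

On 64-bit Windows the 32-bit Internet Explorer reads the same key under HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility, so repeat the script with that base path if both IE builds are in use. The kill bit only blocks instantiation from Internet Explorer; the vulnerable DLLs stay on disk until the products are patched or removed.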

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

After decoding the obfuscated JavaScript, it is easy to see that the malware chains exploits for two vulnerabilities:
  1. CVE-2008-1309, a memory-corruption flaw in the RealPlayer ActiveX control's handling of its "Console" property. Successful exploitation lets the attacker run arbitrary code on the affected computer; the payload downloads a file from this website: http://count18.wuqing17173.cn.
  2. CVE-2007-6144, a buffer overflow in the PPlayer.XPPlayer.1 ActiveX control shipped with certain versions of Xunlei Thunder, triggered through its "FlvPlayerUrl" property. Its payload downloads a file from this website: http://dz.us.net.
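A defender-side complement to the description above, as an added example that is not part of the Bitdefender entry: a heuristic scan of de-obfuscated script text (for instance a page body recovered from a proxy log) for the two ActiveX controls this trojan targets, keyed on the CLSIDs from the removal instructions and the property names named in the technical description. The sample script embedded below is constructed for the demonstration and is not the real malware; the function name and indicator labels are this example's own.

```powershell
# Added example, not code from the Bitdefender entry.
# Constructed sample of already de-obfuscated script text (not the real malware).
$Sample = @'
var rp = document.createElement("object");
rp.setAttribute("classid", "clsid:2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93");
rp.Console = heap_buffer;
var xl = new ActiveXObject("PPlayer.XPPlayer.1");
xl.FlvPlayerUrl = long_string;
'@

# Indicators drawn from the entry: the two CLSIDs named in the removal
# instructions, the "Console" property (CVE-2008-1309), and the
# PPlayer.XPPlayer.1 ProgID with its "FlvPlayerUrl" property (CVE-2007-6144).
$Indicators = @(
    @{ Name = 'CLSID listed in removal instructions';        Pattern = '2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93|CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA' },
    @{ Name = 'Console property assignment (CVE-2008-1309)'; Pattern = '\.Console\s*=' },
    @{ Name = 'Xunlei PPlayer.XPPlayer.1 (CVE-2007-6144)';   Pattern = 'PPlayer\.XPPlayer\.1|\.FlvPlayerUrl\s*=' }
)

function Find-ExploitIndicators {
    param([Parameter(Mandatory)][string]$ScriptText)

    foreach ($ind in $Indicators) {
        $matches = [regex]::Matches($ScriptText, $ind.Pattern, 'IgnoreCase')
        if ($matches.Count -gt 0) {
            [pscustomobject]@{
                Indicator = $ind.Name
                Hits      = $matches.Count
                Matched   = ($matches | ForEach-Object { $_.Value }) -join ', '
            }
        }
    }
}

Find-ExploitIndicators -ScriptText $Sample | Format-Table -AutoSize
```

The scan only works on script that has already been decoded; the trojan's own layer of obfuscation has to be stripped first, which is why the entry's analysis starts with that step. A hit on the CLSID or ProgID alone means the page instantiates the control, and a hit on the property assignment as well is the stronger signal that it is being driven towards the flaw.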