My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Trojan.Exploit.ANOI

LOW
MEDIUM
aprox 1.5 kb
(JS_AGENT.ARVC , JS/Downloader.gen, Trojan.Exploit.SSX, Downloader.Agent.ku, JS/Downloader.Agent)

Symptoms

There are no obvious signs until the attacker manages to infiltrate the system ( the final downloaded malware varies ).

Removal instructions:

It's always better to prevent : keep the antivirus updated, as well as any application that you might use (Flash Player).
Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

This piece of malware consists in a script written in Javascript which belongs to a chain of "web based threats" that uses numerous exploits to attack unaware users. The basic mechanism of this kind of threat is described here : Trojan.Exploit.SSX.

The script uses a deconcept SWFObject  to find out the version of Flash Player. It exploits different versions of Flash Player 9. It does this in order to check which exploited SWF file to give to the client for the vulnerable versions. The SWF exploit is detected as Exploit.SWF.Gen  and downloads another malware depending on the infected website.