Trojan.JS.PYZ (Exploit.JS.Agent.agc, Troj/JSRedir-P)
SYMPTOMS: No obvious symptoms.

TECHNICAL DESCRIPTION: This is a malicious JavaScript that tries to exploit vulnerabilities found in Adobe Acrobat Reader and Adobe Flash Player.

When a malicious site is accessed, the script launches two ActiveX objects: AcroPDF.PDF or PDF.PdfCtrl for the PDF file, and ShockWaveFlash.ShockwaveFlash for the SWF file. These download and open a PDF file named "readme.pdf" and a SWF file named "flash.swf" respectively, both containing exploits. As a result of opening these files, a malicious executable is downloaded and executed. At the time of writing, the download URL was http://sitesupports.cn/[removed]?id=0, and the downloaded executable was detected as Backdoor.Zdoogu.F.

REMOVAL INSTRUCTIONS: Please let BitDefender disinfect your files.

ANALYZED BY: Balazs Biro, jr. virus researcher
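
A content-inspection heuristic for the script behaviour in the technical description above, as an added example that is not BitDefender's detection logic. It assumes the script references the ProgIDs and file names as string literals, possibly split with "+"; the function names, verdict labels and sample inputs are constructed for illustration.

```python
import re

# Indicators taken from the description above (ProgIDs are case-insensitive).
PDF_PROGIDS = ("acropdf.pdf", "pdf.pdfctrl")
FLASH_PROGIDS = ("shockwaveflash.shockwaveflash",)
LURE_FILES = ("readme.pdf", "flash.swf")

# Matches the seam between two string literals joined with "+",
# so that "Acro" + "PDF.PDF" is searched as "AcroPDF.PDF".
_CONCAT_SEAM = re.compile(r"""["']\s*\+\s*["']""")


def normalize(script):
    """Lower-case the script and collapse literal string concatenations."""
    return _CONCAT_SEAM.sub("", script.lower())


def scan(script):
    """Return matched indicators and a verdict for one script or HTML body."""
    text = normalize(script)
    pdf = [p for p in PDF_PROGIDS if p in text]
    flash = [p for p in FLASH_PROGIDS if p in text]
    files = [f for f in LURE_FILES if f in text]
    # Plugin-detection code legitimately probes one of these controls, so a
    # single ProgID on its own is not reported.
    if pdf and flash and files:
        verdict = "match"
    elif (pdf and flash) or ((pdf or flash) and files):
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"pdf": pdf, "flash": flash, "files": files, "verdict": verdict}


# Constructed samples for illustration; not taken from a real page.
SAMPLE_FLAGGED = '''
var p = new ActiveXObject("Acro" + "PDF.PDF");
var f = new ActiveXObject('ShockWaveFlash.ShockwaveFlash');
var docs = ["readme.pdf", "flash.swf"];
'''
SAMPLE_BENIGN = '''
try { new ActiveXObject("ShockwaveFlash.ShockwaveFlash"); hasFlash = true; }
catch (e) { hasFlash = false; }
'''

if __name__ == "__main__":
    for name, body in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(name, scan(body))
```

A "match" requires both plugin families plus one of the named files; scripts that hide the strings behind encoding rather than simple concatenation will not be caught by this check.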