Exploit.HTML.Agent.AM
LOW
MEDIUM
2491 B
(KAV: Trojan-Downloader.JS.Agent.euw
AVG: Exploit
Symantec: Downloader)
Symptoms
BitDefender showing a virus alert shortly after opening an infected web-page.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Lutas Andrei Vlad, virus researcher
Technical Description:
This malware uses flash-object vulnerabilities that allow arbitrary code execution by loading a specially crafted SWF object into a web-page. Once an infected web-page is opened, the trojan will create a specially crafted swf object that will allow the execution of a payload into the heap. Once the payload receives control, it will attempt to download and execute a file
from http://[removed].com/configs/load.php?id=5. (by the time this article was created, the downloaded file was detected as Trojan.Spy.ZBot.EKG; however, this may be subject to changes).
The trojan only affectes browsers that use Flash Player version 9 or 10, revision 16, 28, 45, 47, 64 or 115; Internet Explorer and Firefox will be affected regardless of revision.
SHARE
THIS ON