Exploit.HTML.Agent.AM( KAV: Trojan-Downloader.JS.Agent.euw AVG: Exploit Symantec: Downloader )
SYMPTOMS: BitDefender showing a virus alert shortly after opening an infected web-page.TECHNICAL DESCRIPTION: This malware uses flash-object vulnerabilities that allow arbitrary code execution by loading a specially crafted SWF object into a web-page. Once an infected web-page is opened, the trojan will create a specially crafted swf object that will allow the execution of a payload into the heap. Once the payload receives control, it will attempt to download and execute a filefrom http://[removed].com/configs/load.php?id=5. (by the time this article was created, the downloaded file was detected as Trojan.Spy.ZBot.EKG; however, this may be subject to changes). The trojan only affectes browsers that use Flash Player version 9 or 10, revision 16, 28, 45, 47, 64 or 115; Internet Explorer and Firefox will be affected regardless of revision. Removal instructions: Please let BitDefender disinfect your files.ANALYZED BY: Lutas Andrei Vlad, virus researcher |
