Home / malware Trojan.Downloader.JS.Agent.PB
First posted on 21 November 2011.
Source: BitDefenderAliases :
Trojan.Downloader.JS.Agent.PB is also known as Exploit:Win32/Senglot.J;, Trojan-Downloader:JS/Agent.CQY;, JS/TrojanDownloader.Agent.NDL.
Explanation :
This trojan is written in JavaScript and it exploits a buffer overflow vulnerability of BaoFeng Storm ActiveX Control ( identified with the following CLSID: 6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB). This is done by passing a long argument into rawParse() method of Mps.dll.
If the code stored in a JavaScript unescaped sequence is executed, it will download a malware from the following URL: http://www.[removed]hena.com/test.exe, save it under a.exe ant then execute it. When this description was made, the URL wasn't active.Last update 21 November 2011