Home / malware Trojan.Exploit.JS.G
First posted on 21 November 2011.
Source: BitDefenderAliases :
Trojan.Exploit.JS.G is also known as JS.Downloader.Trojan, Exploit:JS/Mult.M, JS/Downloader.Agent, JS:Agent-CG, JS/TrojanDownloader.Agent.CQD.
Explanation :
After decrypting the javascript code, it's easy to notice that the malware consists of two vulnerabilities:
CVE-2008-1309 that tries to exploit a flaw in Real Player in handling of its "Console" property which leads to memory corruption and thus giving the attacker the possibility of running arbitrary code on the affected computer. As for the payload it downloads a file from this website : http://count18.wuqing17173.cn.CVE-2007-6144 which exploits a buffer overflow in PPlayer.XPPlayer.1 ActiveX control in a Xunlei Thunder version to a property FlvPlayerUrl . It downloads a file from this website : http://dz.us.net.Last update 21 November 2011