
Trojan.Exploit.ANOI


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Exploit.ANOI is also known as JS_AGENT.ARVC, JS/Downloader.gen, Trojan.Exploit.SSX, Downloader.Agent.ku, JS/Downloader.Agent.

Explanation :

This piece of malware consists of a script written in JavaScript that belongs to a chain of "web-based threats" which use numerous exploits to attack unsuspecting users. The basic mechanism of this kind of threat is described under Trojan.Exploit.SSX.

The script uses a deconcept SWFObject to determine the installed version of Flash Player. The threat exploits different versions of Flash Player 9, and the version check decides which exploit SWF file to serve to a client running a vulnerable version. The SWF exploit is detected as Exploit.SWF.Gen and downloads another piece of malware, which varies depending on the infected website.
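The behaviour described above (a deconcept SWFObject version probe followed by a choice between SWF files) can be turned into a static triage check for page scripts. This is an added example, not BitDefender's detection logic; the function name `triageScript`, both sample scripts and the SWF file names are constructed for illustration.

```javascript
// Added example: static triage heuristic, not the vendor's signature.
// A script is flagged only when three traits co-occur: a deconcept SWFObject
// version probe, comparisons on the probed version fields, and more than one
// distinct SWF file to choose from.
const INDICATORS = {
  versionProbe: /deconcept\.SWFObjectUtil\.getPlayerVersion\s*\(/,
  versionGate: /\.(major|minor|rev)\s*(===?|!==?|<=?|>=?)\s*\d+/g,
  swfRef: /["']([^"']*\.swf)["']/gi,
};

function triageScript(src) {
  const probe = INDICATORS.versionProbe.test(src);
  const gates = (src.match(INDICATORS.versionGate) || []).length;
  const swfs = new Set();
  for (const m of src.matchAll(INDICATORS.swfRef)) swfs.add(m[1].toLowerCase());
  // A single SWF with no version branching is an ordinary embed.
  const suspicious = probe && gates >= 1 && swfs.size >= 2;
  return { probe, gates, swfFiles: [...swfs].sort(), suspicious };
}

// Constructed sample: picks a SWF according to the probed Flash 9 revision.
const SAMPLE_VERSION_GATED = `
var v = deconcept.SWFObjectUtil.getPlayerVersion();
var f = null;
if (v.major == 9 && v.rev < 100) { f = "variant_a.swf"; }
else if (v.major == 9) { f = "variant_b.swf"; }
if (f) { new SWFObject(f, "m", "1", "1", "9", "#fff").write("c"); }
`;

// Constructed sample: a normal SWFObject embed with one movie.
const SAMPLE_PLAIN_EMBED = `
var so = new SWFObject("player.swf", "p", "640", "360", "9", "#000000");
so.write("player");
`;

for (const [name, src] of [
  ["version-gated", SAMPLE_VERSION_GATED],
  ["plain embed", SAMPLE_PLAIN_EMBED],
]) {
  console.log(name, JSON.stringify(triageScript(src)));
}
```

The check works on readable script text, so it should be run after any deobfuscation step; a hit is a reason to inspect the referenced SWF files, not a verdict on its own.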

Last update 21 November 2011

 
