Home / malware TrojanDownloader:VBS/Psyme.AF
First posted on 27 February 2013.
Source: MicrosoftAliases :
TrojanDownloader:VBS/Psyme.AF is also known as Trojan.VBS.Downloader (BitDefender), VBS/TrojanDownloader.Agent.NHE trojan (ESET), VBS/DownLdr-AAD (Sophos).
Explanation :
When run, it uses the DOM (Document Object Model) controls "MSXML2.XMLHTTP" and "ADODB.Stream" to download arbitrary files. In the wild, TrojanDownloader:VBS/Psyme.AF has been observed to download files from the server "stadiomobile.it" that is detected as Virus:Win32/Zbot.A.
Analysis by Jim Wang
Last update 27 February 2013
