Trojan.JS.PYZ
First posted on 21 November 2011.
Source: BitDefender
Aliases:
Trojan.JS.PYZ is also known as Exploit.JS.Agent.agc, Troj/JSRedir-P.
Explanation:
This is a malicious JavaScript that tries to exploit vulnerabilities found in Adobe Acrobat Reader and Adobe Flash Player.
When a user accesses a malicious site, the script launches two ActiveX objects: AcroPDF.PDF or PDF.PdfCtrl for the PDF file and ShockWaveFlash.ShockwaveFlash for the SWF file. These download and open a PDF file named "readme.pdf" and a SWF file named "flash.swf", respectively, both containing exploits.
As a result of opening these files, a malicious executable is downloaded and executed.
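A triage heuristic for the behaviour described above, as an added example (not BitDefender's signature): it scores captured page script by whether it instantiates both the PDF and Flash ActiveX ProgIDs and references the two payload file names. The function name, verdict levels and sample scripts are assumptions constructed for illustration.

```python
import re

# ProgIDs and file names come from the description above. Matching is
# case-insensitive because Windows resolves ProgIDs without regard to case.
PDF_PROGIDS = ("AcroPDF.PDF", "PDF.PdfCtrl")
SWF_PROGIDS = ("ShockwaveFlash.ShockwaveFlash",)
PAYLOAD_NAMES = ("readme.pdf", "flash.swf")

# Undo simple string splitting such as "Acro" + "PDF.PDF" before matching.
_CONCAT = re.compile(r"""["']\s*\+\s*["']""")
_ACTIVEX = re.compile(r"new\s+ActiveXObject\s*\(", re.IGNORECASE)


def _hits(text, needles):
    low = text.lower()
    return sorted(n for n in needles if n.lower() in low)


def triage(script_text):
    """Score one script body (hypothetical helper, assumed verdict scale)."""
    flat = _CONCAT.sub("", script_text)
    pdf = _hits(flat, PDF_PROGIDS)
    swf = _hits(flat, SWF_PROGIDS)
    files = _hits(flat, PAYLOAD_NAMES)
    probes = bool(_ACTIVEX.search(flat))
    if probes and pdf and swf:
        # Both plugin families in one script; payload names raise confidence.
        verdict = "high" if files else "medium"
    elif probes and (pdf or swf):
        # A single family is common in legitimate plugin-detection code.
        verdict = "low"
    else:
        verdict = "none"
    return {"verdict": verdict, "pdf": pdf, "swf": swf, "files": files}


# Constructed samples: no exploit content, only the markers being matched.
SAMPLE_SUSPECT = '''
var p = new ActiveXObject("Acro" + "PDF.PDF");
var f = new ActiveXObject("ShockwaveFlash.ShockwaveFlash");
document.write('<iframe src="readme.pdf"></iframe><embed src="flash.swf">');
'''
SAMPLE_BENIGN = '''
var hasFlash = false;
try { hasFlash = !!new ActiveXObject("ShockwaveFlash.ShockwaveFlash"); } catch (e) {}
'''

if __name__ == "__main__":
    for name, body in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, triage(body))
```

A "low" or "medium" verdict is a prompt to inspect the page further, since plugin-detection scripts also instantiate these objects.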
At the time of writing, the download URL was http://sitesupports.cn/[removed]?id=0, the downloaded executable being detected as Backdoor.Zdoogu.F.
Last update: 21 November 2011