
Trojan.JS.PYZ


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Trojan.JS.PYZ is also known as Exploit.JS.Agent.agc, Troj/JSRedir-P.

Explanation:

This is a malicious JavaScript that tries to exploit vulnerabilities in Adobe Acrobat Reader and Adobe Flash Player.
When a malicious site is accessed, the script launches two ActiveX objects: AcroPDF.PDF or PDF.PdfCtrl for the PDF file, and ShockWaveFlash.ShockwaveFlash for the SWF file. These download and open a PDF file named "readme.pdf" and an SWF file named "flash.swf", respectively, both containing exploits.
When these files are opened, a malicious executable is downloaded and executed.

At the time of writing, the download URL was
http://sitesupports.cn/[removed]?id=0,
and the downloaded executable was detected as Backdoor.Zdoogu.F.
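
A triage heuristic for the behaviour described above, as an added example (it is not BitDefender's detection logic): it flags script text that instantiates a PDF ProgID and the Flash ProgID and also references "readme.pdf" or "flash.swf". The function names, the verdict rule and the sample strings are assumptions constructed for illustration.

```python
import re

# ProgIDs and file names as written in the description above. Matching is
# case-insensitive because ActiveX ProgIDs are not case-sensitive.
PDF_PROGIDS = ("AcroPDF.PDF", "PDF.PdfCtrl")
FLASH_PROGIDS = ("ShockWaveFlash.ShockwaveFlash",)
LURE_FILES = ("readme.pdf", "flash.swf")


def _hits(names, text):
    """Return the names found in text as whole tokens (version suffixes allowed)."""
    found = []
    for name in names:
        # Leading guard rejects "xreadme.pdf"; trailing guard still accepts
        # versioned ProgIDs such as "<ProgID>.1".
        if re.search(r"(?<![\w.])" + re.escape(name) + r"(?!\w)", text, re.I):
            found.append(name)
    return found


def triage(script_text):
    """Classify script text as 'suspicious', 'informational' or 'clean'."""
    # Collapse simple literal concatenation ("Acro" + "PDF.PDF") before matching.
    # Heavier obfuscation must be decoded first; this works on literal text only.
    text = re.sub(r"""["']\s*\+\s*["']""", "", script_text)
    pdf = _hits(PDF_PROGIDS, text)
    flash = _hits(FLASH_PROGIDS, text)
    files = _hits(LURE_FILES, text)
    # Plugin-detection scripts legitimately probe these ProgIDs, so a ProgID
    # alone is informational. The verdict is raised only when both plugin
    # families are instantiated and a named lure file is referenced.
    if pdf and flash and files:
        verdict = "suspicious"
    elif pdf or flash:
        verdict = "informational"
    else:
        verdict = "clean"
    return {"verdict": verdict, "indicators": pdf + flash + files}


# Constructed samples (not taken from the real threat).
SAMPLE_MATCH = '''
var a = new ActiveXObject("Acro" + "PDF.PDF");
var b = new ActiveXObject("ShockWaveFlash.ShockwaveFlash");
a.src = "readme.pdf"; b.movie = "flash.swf";
'''
SAMPLE_PLUGIN_CHECK = 'try { new ActiveXObject("ShockwaveFlash.ShockwaveFlash.10"); } catch (e) {}'
```

A "suspicious" verdict is a prompt for manual review of the page and its referenced files, not a detection of Trojan.JS.PYZ itself.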

Last update 21 November 2011
