
TrojanDownloader:JS/Adodb.F


First posted on 13 July 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:JS/Adodb.F is also known as Exploit/Cve-2010-1885 (AhnLab), JS/Dldr.Agent.ags (Avira), Win32.SuspectCrc (Ikarus), Exploit.HTML.HCP.a (Sunbelt Software), JS_HCPDL.A (Trend Micro).

Explanation :

TrojanDownloader:JS/Adodb.F is the component detection for malicious JavaScript code that downloads and executes other malware components, for example other JavaScript or malware binaries.

Installation :

In the wild, we have observed TrojanDownloader:JS/Adodb.F being downloaded by the Microsoft Help and Support Center exploit Exploit:Win32/CVE-2010-1885.A.

Payload :

Downloads and executes arbitrary files

TrojanDownloader:JS/Adodb.F contacts the following domain in order to download arbitrary files:

"php.opensourcecms.com"

The malware then saves the downloaded files to the following location:

%USERPROFILE%\<RANDOM>.js - detected as TrojanDownloader:JS/Adodb.G

Note: %USERPROFILE% refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the User Profile folder for Windows 2000 and NT is C:\Documents and Settings\<user> or C:\Users\<user>; and for XP, Vista, and 7 is C:\Users\<user name>.
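A hunting sketch for the behaviour described above, added here as an example and not part of the original analysis: it flags .js files written directly into a user profile root and raises the severity when the same host looked up the download domain shortly before. The pipe-delimited telemetry format, host names, file names and the 10-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Domain named in the write-up above.
DOWNLOAD_DOMAIN = "php.opensourcecms.com"

# A .js file directly in a profile root (no subfolder), covering both
# profile layouts mentioned in the note above.
PROFILE_ROOT_JS = re.compile(
    r"^[A-Za-z]:\\(?:Documents and Settings|Users)\\[^\\]+\\[^\\]+\.js$",
    re.IGNORECASE,
)

# Constructed sample telemetry (hypothetical format): time|host|kind|value
SAMPLE_EVENTS = r"""
2010-07-13T09:14:02|WS-0142|dns|php.opensourcecms.com
2010-07-13T09:14:05|WS-0142|file_create|C:\Documents and Settings\alice\kq3xv.js
2010-07-13T09:20:11|WS-0077|file_create|C:\Users\bob\Projects\site\app.js
2010-07-13T10:02:40|WS-0077|dns|PHP.OpenSourceCMS.com.
2010-07-13T11:30:00|WS-0077|file_create|C:\Users\bob\zz81.js
2010-07-13T12:00:00|WS-0200|file_create|C:\Users\carol\notes.js
"""

def parse(text):
    """Yield (timestamp, host, kind, value) tuples from the sample format."""
    for line in text.strip().splitlines():
        ts, host, kind, value = line.split("|", 3)
        yield datetime.fromisoformat(ts), host, kind, value

def hunt(text, window=timedelta(minutes=10)):
    """Return (host, path, severity) for each .js written to a profile root.

    Severity is 'high' when the same host resolved the download domain
    within `window` before the write, otherwise 'review'.
    """
    last_lookup = {}  # host -> time of most recent lookup of the domain
    findings = []
    for ts, host, kind, value in sorted(parse(text)):
        # DNS names are case-insensitive and may carry a trailing dot.
        if kind == "dns" and value.rstrip(".").lower() == DOWNLOAD_DOMAIN:
            last_lookup[host] = ts
        elif kind == "file_create" and PROFILE_ROOT_JS.match(value):
            seen = last_lookup.get(host)
            correlated = seen is not None and ts - seen <= window
            findings.append((host, value, "high" if correlated else "review"))
    return findings
```

Files in subfolders of the profile (such as a developer's project tree) are deliberately not matched, since the write-up places the dropped file in the profile root.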

Analysis by Rodel Finones

Last update 13 July 2010

 
