JS/Advedo


First posted on 05 March 2008.
Source: SecurityHome

Aliases :

JS/Advedo is also known as Trojan-Downloader.JS.Iframe.db, Trojan-Downloader.HTML.IFrame.fb, Trojan-Downloader.HTML.Cursor.b.

Explanation :

JS/Advedo is part of a multi-stage malware written in JScript and VBS. This script Trojan is injected into several legitimate websites and uses several other scripts to ultimately allow a file to be downloaded onto the infected system. The downloaded file is then executed.

The first part of this script Trojan is injected into several legitimate websites. It is placed after the closing HTML tag of the website. This script allows the execution of another script from the following predetermined website:
The second part of the script then inserts an iframe into the visited legitimate website. The inserted site is still hosted on the same domain.

The third part of this malware is a combination of JScript and VBS. It downloads a file from the following website:
The file obtained is saved into the temporary folder of the system as nettool.exe.

The file ~net.bat is also created in the temporary folder of the system and is used to execute the downloaded file.

At the time of analysis, the downloaded file was no longer available.
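
A defender-side check for the injection point described above, as an added example that is not part of the original write-up: it parses a served page and reports any script or iframe tag that appears after the closing `</html>` tag. The sample pages and the `injected.example` host are constructed for illustration.

```python
from html.parser import HTMLParser

# Tags that can load or run remote content in the visitor's browser.
ACTIVE_TAGS = {"script", "iframe"}


class TrailingContentScanner(HTMLParser):
    """Record script/iframe tags that appear after the closing </html> tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.html_closed = False
        self.findings = []  # (line, tag, src) tuples; src is None for inline code

    def handle_starttag(self, tag, attrs):
        if self.html_closed and tag in ACTIVE_TAGS:
            line, _col = self.getpos()
            self.findings.append((line, tag, dict(attrs).get("src")))

    def handle_endtag(self, tag):
        # Script bodies are parsed as raw text, so a "</html>" string inside
        # legitimate JavaScript does not reach this handler.
        if tag == "html":
            self.html_closed = True


def scan_page(markup):
    """Return the active tags found after </html> in one page's markup."""
    scanner = TrailingContentScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample pages (not taken from any real site).
SAMPLE_CLEAN = (
    "<html>\n<body>\n"
    '<script src="/js/site.js"></script>\n'
    "</body>\n</HTML>\n"
)
SAMPLE_INJECTED = SAMPLE_CLEAN + '<script src="http://injected.example/a.js"></script>\n'

if __name__ == "__main__":
    for name, page in (("clean", SAMPLE_CLEAN), ("injected", SAMPLE_INJECTED)):
        print(name, scan_page(page))
```

Run it over the HTML files in a web root or over fetched responses; any finding is a reason to compare the file against a known-good copy.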

Last update 05 March 2008
