
Trojan.VBS.Psyme.UT


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Trojan.VBS.Psyme.UT.

Explanation :

This is a malicious JavaScript that is part of a major attack that took place in the first half of May 2008.

A visit to any compromised site is enough to get infected with this malicious script. It tests for several vulnerable components and inserts IFRAME tags that point to the attacker's other malicious scripts:

"http://err.www4[...]/614.gif"
"http://err.www4[...]/real10.gif"
"http://err.www4[...]/bf.gif"
"http://err.www4[...]/lz.gif"
"http://err.www4[...]/real11.gif"
"http://js.ton[...]hoo.com/621252/ystat.js"

Vulnerabilities exploited by those scripts are:
(CVE-2007-1765) MS06-14
(CVE-2007-4816) Baofeng Storm MPS.StormPlayer
(CVE-2007-5722) GLCHAT.GLChatCtrl.1 ActiveX
(CVE-2007-5601) RealPlayer IERPCtl.IERPCtl.1

All of those malicious scripts download and execute trojans on your computer.
At the time of analysis, those trojans were detected as:
Trojan.Downloader.Agent.YTX
Win32.Almanahe.D

Last update 21 November 2011

 
