Home / malware Trojan.Exploit.ANOG
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Trojan.Exploit.ANOG.
Explanation :
It's a Javascript that use some common algorithms (escape, base64) for encoding its body to avoid detection. A VBScript is hidden under this algoritm. The VBStript is also obfuscated, contains a link: "http://ad.ote2008.[removed]/ad.css" to a file detected as Trojan.Agent.AJJX. File from that address is saved in victim's machine as %TEMP%Gameeeeee.pif it's a Win32 executable and is launched by a previous created %TEMPGameeeees.vbs%
Last update 21 November 2011
