Home / malware Exploit.HTML.Agent.AM
First posted on 21 November 2011.
Source: BitDefenderAliases :
Exploit.HTML.Agent.AM is also known as KAV:, Trojan-Downloader.JS.Agent.euw AVG:, Exploit Symantec:, Downloader.
Explanation :
This malware uses flash-object vulnerabilities that allow arbitrary code execution by loading a specially crafted SWF object into a web-page. Once an infected web-page is opened, the trojan will create a specially crafted swf object that will allow the execution of a payload into the heap. Once the payload receives control, it will attempt to download and execute a file
from http://[removed].com/configs/load.php?id=5. (by the time this article was created, the downloaded file was detected as Trojan.Spy.ZBot.EKG; however, this may be subject to changes).
The trojan only affectes browsers that use Flash Player version 9 or 10, revision 16, 28, 45, 47, 64 or 115; Internet Explorer and Firefox will be affected regardless of revision.Last update 21 November 2011