Home / malwarePDF  

Trojan.Exploit.ANPI


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Exploit.ANPI is also known as Trojan-Downloader.JS.Agent.dak, Exploit:JS/Mult.AC, VBS/Spyme.HC.

Explanation :

This is a Visual Basic Script which uses simple obfuscation techniques to hide it's purpose and evade signatures based detection engines. It is downloaded (while surfing the internet) from malicious websites or some legitimate websites which were usually infected through SQL Injection attacks. It's purpose is to exploit a vulnerability in Internet Explorer (the ADODB.Stream object) in order to download, save and then execute infected files from the internet.
This component is only a part of a complex infection mechanism which will download and install various trojan files to the unaware user's computer.

Last update 21 November 2011

 

TOP