TrojanDownloader:JS/Adodb.G


First posted on 13 July 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:JS/Adodb.G is also known as Exploit/Cve-2010-1885 (AhnLab), Trojan horse Generic2_c.ANAY (AVG), JS/Dldr.Agent.AGS.3 (Avira), Win32.SuspectCrc (Ikarus), Exploit.HTML.HCP.a (Sunbelt Software), JS_HCPDL.A (Trend Micro).

Explanation :

TrojanDownloader:JS/Adodb.G is the component detection for malicious JavaScript code that downloads and executes other malware components.

Installation

TrojanDownloader:JS/Adodb.G is usually downloaded by other malicious scripts and exploits. In the wild, we have observed TrojanDownloader:JS/Adodb.G being downloaded by Microsoft Help and Support Center exploit Exploit:Win32/CVE-2010-1885.A.

Payload

Downloads and executes arbitrary files

TrojanDownloader:JS/Adodb.G contacts the following domain in order to download arbitrary files:

"php.opensourcecms.com"

Note: At the time of writing, the above domain was no longer available.

The malware then saves the downloaded files to the following location:

%TEMP%\<RANDOM>.exe

Note: %TEMP% refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the Temp folder for Windows 2000 and NT is C:\DOCUME~1\<user>\LOCALS~1\Temp and for XP, Vista, and 7 is C:\Users\<user name>\AppData\Local\Temp.

Analysis by Rodel Finones

Last update 13 July 2010
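
The behaviour described above (a lookup of the listed domain followed by an .exe written directly into the Temp folder) can be hunted for in endpoint telemetry. The following is an added example, not part of the original entry or of any vendor tooling; the pipe-delimited log format, host names and file names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Indicator domain and default Temp locations as given in the entry above.
IOC_DOMAIN = "php.opensourcecms.com"
TEMP_EXE = re.compile(
    r"^C:\\(?:DOCUME~1\\[^\\]+\\LOCALS~1\\Temp|Users\\[^\\]+\\AppData\\Local\\Temp)"
    r"\\[^\\]+\.exe$",  # file sits directly in Temp, not in a subfolder
    re.IGNORECASE,
)

# Constructed sample events (hypothetical format): time|host|kind|value
SAMPLE_LOG = r"""
2010-07-13T09:00:01|WS-01|dns|php.opensourcecms.com
2010-07-13T09:00:04|WS-01|file_create|C:\Users\alice\AppData\Local\Temp\k3x9q.exe
2010-07-13T09:05:00|WS-02|file_create|C:\Users\bob\AppData\Local\Temp\setup\inst.exe
2010-07-13T09:06:00|WS-03|dns|PHP.OpenSourceCMS.com.
2010-07-13T09:30:00|WS-03|file_create|C:\DOCUME~1\carol\LOCALS~1\Temp\late.exe
2010-07-13T09:40:00|WS-04|dns|www.example.org
2010-07-13T09:40:02|WS-04|file_create|C:\DOCUME~1\dave\LOCALS~1\Temp\a1b2.exe
"""

def parse(log):
    """Yield (timestamp, host, kind, value) tuples from the constructed format."""
    for line in log.strip().splitlines():
        ts, host, kind, value = line.split("|", 3)
        yield datetime.fromisoformat(ts), host, kind, value

def correlate(log, window=timedelta(minutes=5)):
    """Return (host, path) where an .exe lands directly in Temp within
    `window` after the same host resolved the indicator domain."""
    last_lookup, hits = {}, []
    for ts, host, kind, value in sorted(parse(log)):
        if kind == "dns" and value.rstrip(".").lower() == IOC_DOMAIN:
            last_lookup[host] = ts  # normalised: case and trailing dot ignored
        elif kind == "file_create" and TEMP_EXE.match(value):
            seen = last_lookup.get(host)
            if seen is not None and ts - seen <= window:
                hits.append((host, value))
    return hits

def temp_exe_hosts(log):
    """Weaker, domain-independent signal: hosts with any .exe written to Temp."""
    return sorted({h for _, h, k, v in parse(log)
                   if k == "file_create" and TEMP_EXE.match(v)})

if __name__ == "__main__":
    for host, path in correlate(SAMPLE_LOG):
        print(f"{host}: lookup followed by Temp drop -> {path}")
```

Because the listed domain was already offline at the time of writing, the domain-independent check is the more durable signal, though legitimate installers also write executables to Temp and will need allow-listing.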
