Trojan.Exploit.ANOI

BAIXO
MÉDIO
aprox 1.5 kb
(JS_AGENT.ARVC , JS/Downloader.gen, Trojan.Exploit.SSX, Downloader.Agent.ku, JS/Downloader.Agent)

Sintomas

There are no obvious signs until the attacker manages to infiltrate the system ( the final downloaded malware varies ).

Instruções para remoção:

It's always better to prevent : keep the antivirus updated, as well as any application that you might use (Flash Player).
Please let BitDefender disinfect your files.

Analisado por

Daniel Chipiristeanu, virus researcher

Descrição Técnica:

This piece of malware consists in a script written in Javascript which belongs to a chain of "web based threats" that uses numerous exploits to attack unaware users. The basic mechanism of this kind of threat is described here : Trojan.Exploit.SSX.

The script uses a deconcept SWFObject  to find out the version of Flash Player. It exploits different versions of Flash Player 9. It does this in order to check which exploited SWF file to give to the client for the vulnerable versions. The SWF exploit is detected as Exploit.SWF.Gen  and downloads another malware depending on the infected website.