English

Log in

Search

The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.

Internet threat level: 1

Watch us on

Home→Descriptions→Exploit.JS.Agent.bgz

Exploit.JS.Agent.bgz

Detected	Apr 28 2011 19:52 GMT
Released	Apr 29 2011 02:02 GMT
Published	Sep 08 2011 08:44 GMT

Technical Details
Payload
Removal instructions

Technical Details

An exploit that uses a vulnerability in the Web-browser for its implementation on the user's computer. It is a HTML-page containing JavaScript. It has several versions of around 3-4 kB.

Payload

When launched, the exploit downloads a file from a link. Depending on the version, the exploit may download the file from different links, for example:

http://98.***.14.171:321/cc.exe
http://121.***.170.179:54321/h.exe
http://121.***.168.129:987/ss.exe
http://x.***ririni.info:6789/down/my/103.exe
http://x.***ririni.info:6789/down/my/108.exe
http://58.***.36.199:8832/xx/xm05.css

When creating the description, two files were downloaded from some of the indicated links. One file is 16372 bytes and is detected by Kaspersky Antivirus as Trojan-Downloader.Win32.Agent.ssax. The second file is 25088 bytes and is detected by Kaspersky Antivirus as Trojan-Downloader.Win32.Geral.vnk. The downloaded file is saved under the following name:

%AppData%\f.exe

The downloaded file is then launched and the exploit shuts down.

Removal instructions

If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:

Delete the original program file (its location on the infected computer will depend on how the program got onto the computer).
Clear the Temporary Internet Files directory which may contain infected files (How to delete infected files in the Temporary Internet Files folder?):
```
%Temporary Internet Files%
```
Delete the following file:
```
%AppData%\f.exe
```
Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).

Print

Share

Malicious programs

Trojans

Exploit

Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.

Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.

Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.

Other versions

Aliases

Exploit.JS.Agent.bgz (Kaspersky Lab) is also known as:

Troj/ExpJS-R (Sophos)
JS.Agent-90 (ClamAV)
Exploit:JS/CVE-2010-0806.gen!A (MS(OneCare))
JS:CVE-2010-0806-CV [Expl] (AVAST)
Exploit (AVG)
JS/ShellCode.B (Norman)
Hack.Exploit.Script.JS.Agent.ju (Rising)

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

securelist.com