Home / malware Trojan-Downloader:JS/Agent.CKL
First posted on 05 September 2008.
Source: SecurityHomeAliases :
There are no other names known for Trojan-Downloader:JS/Agent.CKL.
Explanation :
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
right]
Upon execution, this trojan will try to take advantage of the following vulnerabilities:
- Microsoft Office Snapshot Viewer ActiveX vulnerability
- Sina DLoader Class ActiveX Control 'DonwloadAndInstall' Method Arbitrary File Download Vulnerability
- Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014)
- UUSee UUUpgrade ActiveX Control 'Update' Method Arbitrary File Download Vulnerability
- Ourgame 'GLIEDown2.dll' ServerList Method ActiveX Control Remote Code Execution Vulnerability
- RealPlayer IERPCtl.IERPCtl.1 (CVE-2007-5601)
- Baidu Soba Remote Code Execute Vulnerability
- DPClient.Vod (CVE-2007-6144)
If any of these vulnerabilities are present on the user's system, the malware will exploit it in order to download and execute files from the following sites:
- http://down.hs7yue.cn/[Removed]/a2.css - Trojan.Win32.Agent.wnu
- http://down.hs7yue.cn/[Removed]/sina.exe - Trojan.Win32.Agent.wnu
- http://down.hs7yue.cn/[Removed]/Baidu.cab - Trojan-Downloader.Win32.Agent.wps
- http://jzm015.cn/[Removed]115.swf - Exploit.SWF.Downloader.eh
- http://jzm015.cn/[Removed]115.swf - Exploit.SWF.Downloader.eh
- http://down.hs7yue.cn/[Removed]/UU.ini - unavailable
The online F-Secure Health Check can help determine whether a user's system has vulnerabilities which can be exploited, and assist in finding fixes for any vulnerabilities discovered.Last update 05 September 2008
