TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
JS_AFIR.A
Overview
Solution

Malware type: JavaScript

Aliases: HEUR/Exploit.HTML (Avira),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 Medium

Description: 

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_AFIR.A Behavior Diagram

Malware Overview

This obfuscated JavaScript (JS) malware is hosted in compromised sites.

Once users access one of these compromised sites, this malicious JavaScript redirects them to a certain Web site to download a file detected by Trend Micro as TROJ_SINOWAL.CB. The said Trojan drops another malware, which Trend Micro detects as TROJ_SINOWAL.CI.

This malicious JavaScript is found to affect sites hosted in Italy.

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 2, 2008 3:18:33 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.