TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
JS_AGENT.AEVE
Overview
Solution

Malware type: JavaScript

Aliases: Trojan-Downloader.JS.Iframe.at (Kaspersky), Exploit-IFrame (McAfee), Downloader (Symantec), TR/Dldr.Iframe.AT (Avira), Mal/Jessy-A (Sophos), TrojanDownloader:JS/Psyme.MK (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: Yes

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 Medium

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_AGENT.AEVE Behavior Diagram

Malware Overview

This malicious JavaScript may be downloaded unknowingly by a user when visiting compromised Web pages that have a certain IFrame tag. It accesses a malicious Web site to download a file detected by Trend Micro as TROJ_AGENT.AFFR. Thus, routines of the downloaded Trojan is exhibited on the affected system.

This is also the Trend Micro detection for Web pages that carry the IFrame tag responsible for this JavaScript's download. Note that the malicious portion in the tag is encrypted to cover up the download routine.

For additional information about this threat, see:
Solution
Technical Details

Description created: Dec. 27, 2007 9:15:48 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.