TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
JS_DLOADER.KQZ
Overview
Solution

Malware type: JavaScript

Aliases: JS/Exploit-BO.gen (McAfee), Downloader (Symantec), Exp/HTML.VML.M (Avira), JS/Bofra-K (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 Medium

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_DLOADER.KQZ Behavior Diagram

Malware Overview

This JavaScript is usually embedded in a malicious Web site and is run on a system when a user visits the said Web site. Web sites hosting this JavaScript may be related to the Super Bowl event, as well as gaming Web sites.

When executed, it connects to certain HTML pages, which contain a script also detected by Trend Micro as JS_DLOADER.KQZ. The said HTML pages contain codes that exploit the VML vulnerability in Windows. For more information on the said vulnerability, please refer to the following Microsoft Web page:

It exploits the said vulnerability to download and execute a Trojan detected as TROJ_ZLOB.BZE.

As a result, the routines of the related Trojan may be exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb. 2, 2007 3:56:15 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.