JS_DLOADER.NUF - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

JS_DLOADER.NUF

Overview

Solution

Technical Details

Malware type: JavaScript

Aliases: Trojan-Downloader.JS.Agent.kd (Kaspersky), JS/Downloader-BCZ (McAfee), Downloader (Symantec), TR/Dldr.CD.5 (Avira), Troj/JSEcard-A (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Medium
Distribution potential:		Low

Infection Channel 1 : Spammed via email

Description:

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_DLOADER.NUF Behavior Diagram

Malware Overview

This malicious JavaScript is downloaded by a malicious HTML script that Trend Micro detects as HTML_IFRAME.CV from the Web site, http://{BLOCKED}crogger.ws/flash/index.php. It may also arrive via spammed email messages. The said email message may contain certain URLs. When the said URLs are accessed, this malicious JavaScript is executed on the affected system.

Once executed on the affected system, it accesses URLs to download files detected by Trend Micro as TROJ_AGENT.UYO and TROJ_DLOADER.KTY. As a result, routines of the downloaded files are also exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 22, 2007 6:24:47 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.