JS_DLOADER.TVP
Overview

Malware type: JavaScript

Aliases: Trojan-Clicker.HTML.IFrame.mm (Kaspersky), VBS/Psyme (McAfee), Downloader (Symantec), JS/Dldr.Agent.1535 (Avira), Mal/Iframe-F (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Low

Description: 

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_DLOADER.TVP Behavior Diagram

Malware Overview

This malicious JavaScript arrives as a file downloaded by JS_IFRAME.US from the URL http://www.{BLOCKED}ena.com/1.htm.

It is usually embedded in exploited or compromised Web sites through the insertion of malicious iFrame tags. A user may install it unknowingly by visiting a malicious or compromised Web site.

The iFrame tag is used to download several files from the URL http://www.{BLOCKED}ena.com.

The downloaded files are detected by Trend Micro as JS_NEVAR.A. As a result, the routines of the downloaded files may be exhibited on the system.


Description created: Apr. 3, 2008 5:54:36 AM GMT -0800
