JS_FEEBS.M - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

JS_FEEBS.M

Overview

Solution

Technical Details

Malware type: JavaScript

Aliases: JS/Downloader.M, JS/Feeb, JS/Feebs.gen@MM, W32.Feebs

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Medium
Distribution potential:		Medium

Description:

This JavaScript is embedded in a malicious Web site and is run on a system when a user visits the said Web site. It may also arrive on the system as an attached .HTML file to an email message manually mass-mailed by a malicious user.

When running on the affected system, it shows a fake hotmail.com loading page that displays a text message saying there is no available connection. It appears to the user that the JavaScript has failed to successfully access the Web page even though it is already downloading an encoded file detected by Trend Micro as WORM_FEEBS.N. It then decodes and executes the said file on the affected system.

The fake hotmail.com loading page, where this JavaScript downloads the WORM_FEEBS.N file may use any of the following URLs:

http://ab.{BLOCKED}om/d.c
http://hzs.{BLOCKED}u/d.c
http://qnx{BLOCKED}.ru/d.php
http://user{BLOCKED}b.net/xup/d.txt
http://zto{BLOCKED}6.ru/m.txt

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 12, 2006 1:30:03 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.