JS_FEEBS.PX - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

JS_FEEBS.PX

Overview

Solution

Technical Details

Malware type: JavaScript

Aliases: Worm.Win32.Feebs.gen (Kaspersky), JS/Feebs.gen.n@MM (McAfee), Downloader (Symantec), HTML/Feebs.Gen (Avira), Troj/FeebDl-Z (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Medium
Distribution potential:		High

Description:

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_FEEBS.PX Behavior Diagram

Malware Overview

This malicious JavaScript is usually embedded in malicious Web sites. It may also arrive as an attachment to an email message mass-mailed by WORM_FEEBS.PX or by a malicious user.

Upon execution, it displays a fake login page. It downloads an encoded file, TEST.TXT, from the URL, http://{BLOCKED}bs.by.ru/test.txt. It then decodes and executes the said file on the affected system. Trend Micro detects the decoded file as WORM_FEEBS.PX.

As a result, routines of the downloaded malware are exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb. 1, 2007 11:30:45 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.