TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
JS_HACK.AG
Overview
Solution

Malware type: JavaScript

Aliases: Trojan-Downloader.JS.Small.fu (Kaspersky), Hacktool.IE.Exploit (Symantec), HTML/Silly.Gen (Avira), Mal/JSShell-B (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 Medium

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_HACK.AG Behavior Diagram

Malware Overview

This malicious JavaScript may arrive as a file hosted on a Web site.

It exploits a vulnerability on a system's Internet Explorer (IE) browser. It performs the said action in an attempt to connect to a certain Web site and download a spyware file, which Trend Micro detects as TSPY_AGENT.AAVG. More information about the said vulnerability can be found in the following Web page:

It saves and executes the downloaded file in the root folder, which is usually C:\.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 29, 2007 12:21:54 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.