JS_SENGLOT.C
Overview

Malware type: JavaScript

Aliases: Trojan-Downloader.JS.Agent.bwp (Kaspersky), HTML/Shellcode.Gen (Avira), Mal/JSShell-B (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Low

Description: 

This malicious JavaScript may be downloaded from remote site(s) by HTML_IFRAME.AAK.

It may arrive bundled with malware packages as a malware component.

It may be downloaded from certain remote site(s).

This malicious JavaScript takes advantage of the following software vulnerability, which allows a remote malicious user or malware to download files on the affected machine:

  • Vector Markup Language

More information about the said vulnerability can be found here.

After successfully exploiting the said vulnerability, it connects to the URL http://www.{BLOCKED}.cn/ri.exe to download a malicious file detected by Trend Micro as TROJ_AGENT.ALGQ.

As a result, the routines of the downloaded file may also be exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 7, 2008 12:56:39 PM GMT -0800
