Members
Stats
  • Total Posts: 28531
  • Total Topics: 8240
  • Online Today: 945
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: JS/Downloader-BCP  (Read 1522 times)

0 Members and 1 Guest are viewing this topic.

Amker

  • SCF Global Moderator
  • *****
  • Posts: 1081
  • KARMA: 22
  • Gender: Male
    • SCforum.info
JS/Downloader-BCP
« on: 16. June 2007., 15:15:05 »
The JavaScript detected as JS/Downloader-BCP is responsible for downloading various other files that exploit past released Microsoft's vulnerabilities.

 
Characteristics -


Downloaders are designed to pull files from a remote website and execute the files that have been downloaded. The nature of the remote file may vary. As the presence of these trojans and remote files are discovered, sites hosting these files are frequently taken down, so the downloading may cease to function as expected. This may result in empty, 0 byte files or HTML error messages being downloaded instead, or the remote file simply not being downloaded at all.


The JavaScript detected as JS/Downloader-BCP is responsible for downloading various other JavaScripts / files that exploit past released Microsoft's vulnerabilities. This script checks for the presence of various antivirus software and then inserts an iframe which points to a malicious file that exploits some vulnerability. The decision about which mailicious file the iframe will point to, is taken based on the browser JS/Downloader-BCP is running in.


The downloaded scripts may use the following exploits to install trojans on the compromised machine
MS06-044
MS05-054
MS05-036
MS06-055


It tries to download the malicious code from
http://ijk.cc/E/[REMOVED]

 
Symptoms -


Upon execution, the trojan attempts to download files from the site:  http://ijk.cc/E/[REMOVED]

 
Method of Infection -


N/A. Downloaders are not viruses, and as such do not themselves contain any method to replicate. However they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system.

Many of these additionally are mass spammed by the author to entice people into activating them.

Alternatively they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Downloader onto the user's system with no user interaction.

 
Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

McAfee
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html

Samker's Computer Forum - SCforum.info

JS/Downloader-BCP
« on: 16. June 2007., 15:15:05 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising