
Generic Downloader.bs

Type: Trojan
SubType: Script
Discovery Date: 11/07/2006
Length:
Minimum DAT: 4890 (11/07/2006)
Updated DAT: 5834 (12/16/2009)
Minimum Engine: 5.2.00
Description Added: 11/07/2006
Description Modified: 07/30/2008 7:37 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

Generic Downloader.bs detections have been observed to be obfuscated JavaScript files that arrive in e-mails. When executed, these scripts download files, and possibly further scripts, from remote servers. Some of the servers observed being contacted are:

  • pay4logs.com
  • 80.233.245.154

Files including the Cutwail rootkit have been observed among the downloads. After the download, svchost is launched with injected code. The injected code contacts various SMTP servers in order to send out similar e-mails carrying the JavaScript.

The following is a typical example of the text contained in the spammed emails:

"Greetings, how are you doing? Give we shall meet!"

Symptoms

A high number of network connections to various SMTP servers.
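The symptom above (one workstation suddenly talking to many different mail servers) is easy to turn into a detection. The following is an added example, not McAfee's code: it reads constructed connection-log lines in an assumed "timestamp src dst port proto" format, counts the distinct SMTP destinations each source host reaches inside a time window, and flags hosts whose peak fan-out reaches a threshold while exempting a known mail relay (the relay address, window and threshold are placeholders to adjust per environment).

```python
"""Flag hosts with an unusual SMTP fan-out (many distinct mail servers contacted
in a short window), the symptom listed for Generic Downloader.bs.
Example code, not the vendor's; log format, threshold and window are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

SMTP_PORTS = {25, 465, 587}
# Hosts expected to reach many mail servers (the site's real relay).
# Placeholder address: replace with your own relay(s).
KNOWN_MAIL_RELAYS = {"10.0.0.5"}

# Constructed sample log, one connection per line:
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_LOG = [
    "2006-11-07T10:00:01 10.0.0.77 198.51.100.20 80 tcp",
    "2006-11-07T10:00:03 10.0.0.77 203.0.113.9 25 tcp",
    "2006-11-07T10:00:04 10.0.0.77 198.51.100.21 443 tcp",
    "this line is malformed and must be skipped",
]
# The legitimate relay reaches 12 servers spread over 48 minutes ...
SAMPLE_LOG += [
    f"2006-11-07T10:{4 * i:02d}:00 10.0.0.5 203.0.113.{100 + i} 25 tcp"
    for i in range(12)
]
# ... while the infected workstation bursts to 15 servers within two minutes.
_burst_start = datetime(2006, 11, 7, 11, 30, 0)
SAMPLE_LOG += [
    f"{(_burst_start + timedelta(seconds=8 * i)).isoformat()} "
    f"10.0.0.42 192.0.2.{10 + i} 25 tcp"
    for i in range(15)
]

_EPOCH = datetime(1970, 1, 1)  # fixed reference so bucketing ignores local timezone


def parse_line(line):
    """Return (timestamp, src, dst, port) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        port = int(parts[3])
    except ValueError:
        return None
    return ts, parts[1], parts[2], port


def smtp_fanout(lines, window_seconds=600):
    """Per source host, the largest number of distinct SMTP destinations seen
    inside any single time bucket of window_seconds."""
    buckets = defaultdict(set)  # (src, bucket index) -> set of destinations
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than crash the detector
        ts, src, dst, port = rec
        if port not in SMTP_PORTS:
            continue
        bucket = int((ts - _EPOCH).total_seconds()) // window_seconds
        buckets[(src, bucket)].add(dst)
    peak = defaultdict(int)
    for (src, _), dsts in buckets.items():
        peak[src] = max(peak[src], len(dsts))
    return dict(peak)


def flag_hosts(lines, threshold=10, window_seconds=600, allowlist=KNOWN_MAIL_RELAYS):
    """Hosts whose peak SMTP fan-out reaches the threshold, excluding known relays."""
    return {
        src: n
        for src, n in smtp_fanout(lines, window_seconds).items()
        if n >= threshold and src not in allowlist
    }


if __name__ == "__main__":
    for host, n in flag_hosts(SAMPLE_LOG).items():
        print(f"{host}: {n} distinct SMTP servers in one 10-minute window "
              f"(possible spam bot, see Generic Downloader.bs symptoms)")
```

On the sample data only 10.0.0.42 is reported: the relay's peak is three servers per window and the ordinary workstation's is one. Tuning is the real work here; a threshold that is right for a desktop subnet is wrong for a segment that hosts mail infrastructure, which is why the allowlist is explicit rather than baked into the threshold.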

Method of Infection

By execution of the scripts, which then download further files.

Removal

Variants

N/A

Overview

Generic Downloader.bs is a detection mainly for JavaScript downloaders.