JS/Downloader-ATP

Type: Trojan
SubType: Downloader
Discovery Date: 11/23/2007
Length: Varies
Minimum DAT: 5171 (11/26/2007)
Updated DAT: 5174 (11/29/2007)
Minimum Engine: 5.1.00
Description Added: 11/23/2007
Description Modified: 11/23/2007 6:00 AM (PT)
Risk Assessment:
  Corporate User: Low-Profiled
  Home User: Low-Profiled

Characteristics

--- Update November 23, 2007 ---
The risk assessment of this threat was updated to Low-Profiled due to media attention at: http://www.securecomputing.net.au/news/65645,malware-found-on-laoairlinescom-travellers-beware-of-other-sites.aspx

JS/Downloader-ATP is a JavaScript trojan intended to silently download and execute malicious content from a remote website.

The downloaded exploits are detected as:

To receive an extra.dat file for this threat please visit: https://www.webimmune.net/extra/getextra.aspx

Symptoms

  • Outgoing HTTP traffic to the domain http:// [blocked].cskick.cn

Note: Because the website being contacted is normally controlled by the malware author, any downloaded files can be modified remotely and the behavior of these new binaries altered, possibly with every user infection.

Method of Infection

This downloader trojan exists purely to download and run other remote files. The downloader is run on the victim machine in a way that assists in masking its activity. This threat could be delivered via an email message, IM or an infectious web page.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends that users not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

    N/A
