Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
When executed, JS/Downloader.Agent will inject harmful code on certain running processes. This gives the Trojan to run on itself when the infected process starts. It works its way to communicate to a distant host to download additional threats. JS/Downloader.Agent will also attempt to update configuration files and performs malicious activities on the infected computer.
- Steal sensitive information like computer name and password
- Gather FTP credentials including address, user name, and password
- Access web files through FTP accounts of the infected computer user
- Inject malicious code into header of .PHP, .HTML, .HTM and other web file formats that may result the whole web site to be compromised.
When user visits infected web sites, the injected script will trigger certain harmful actions including the following.
- Drop malware on visitor’s computer
- Download and install rogue security software
- Redirect search result to predefined web sites
- Display pop-up alerts and advertisements
- Disable security applications including anti-virus and firewall
This Trojan will spread through the Internet in a variety of ways. Because the Trojan has so many variants, each type has its own usual way of distribution process. Infected web sites are the main channel to propagate JS/Downloader.Agent. Others are sent as an attached file to spam email messages or link contained within a message of instant messenger programs.