Follow:

 

Trojan:SWF/Jaswi.A


Trojan:SWF/Jaswi.A is small web format (.SWF) trojan that attempts to download other malware using an embedded and obfuscated malicious JavaScript. The SWF format trojan uses a vulnerability known as CVE-2010-0806 to exploit Windows computers and execute code via the malicious JavaScript.


What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products will detect and remove this threat:
 
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Threat behavior

Trojan:SWF/Jaswi.A is small web format (.SWF) trojan that attempts to download other malware using an embedded and obfuscated malicious JavaScript. The SWF format trojan uses a vulnerability known as CVE-2010-0806 and described in Microsoft Security Advisory 981374 to exploit Windows computers and execute code via the malicious JavaScript.
 
This trojan may be encountered while browsing a website referencing the trojan via a malicious JavaScript.
 
Successful exploitation of a vulnerable computer by this malware could result in the downloading of arbitrary files. In the wild, this malware attempts to download a file "uusee.exe", detected as PWS:Win32/Lloyda.AU, from the domain "down.games520.cn". At the time of this writing, the file was not available.
Additional information
CVE-2010-0806 is mitigated by Microsoft Security Bulletin MS10-018 released in March 2010.
 
Analysis by Tim Liu

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

Prevention


Alert level: Severe
First detected by definition: 1.87.1874.0
Latest detected by definition: 1.87.1874.0 and higher
First detected on: Aug 13, 2010
This entry was first published on: Jan 08, 2011
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Exploit.SWF.Agent.dt (Kaspersky)
  • CVE-2010-0806 (other)