
JS/Downloader-BCP

Threat Detail

  • Malware Type: Trojan
  • Malware Sub-type: Downloader
  • Protection Added: 2007-06-07

The JavaScript detected as JS/Downloader-BCP downloads various other files that exploit previously disclosed Microsoft vulnerabilities.

 


Minimum Engine

5400.1158

File Length

varies

Description Added

2007-06-07

Description Modified

2007-06-07

Malware Proliferation


Downloaders are designed to pull files from a remote website and execute the files that have been downloaded. The nature of the remote file may vary. As the presence of these trojans and remote files is discovered, sites hosting these files are frequently taken down, so the downloading may cease to function as expected. This may result in empty, 0-byte files or HTML error messages being downloaded instead, or the remote file simply not being downloaded at all.


The JavaScript detected as JS/Downloader-BCP downloads various other JavaScripts and files that exploit previously disclosed Microsoft vulnerabilities. The script checks for the presence of various antivirus software and then inserts an iframe that points to a malicious file exploiting some vulnerability. Which malicious file the iframe points to is decided based on the browser JS/Downloader-BCP is running in.


The downloaded scripts may use the following exploits to install trojans on the compromised machine


It tries to download the malicious code from

  • http://ijk.cc/E/[REMOVED]

 

All Users:

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1. Disable System Restore.

2. Update to current engine and DAT files for detection and removal.

3. Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

1. Please go to the Microsoft Recovery Console and restore a clean MBR.

On Windows XP:

Insert the Windows XP CD into the CD-ROM drive and restart the computer.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
Select the Windows installation that is compromised and provide the administrator password.
Issue 'fixmbr' command to restore the Master Boot Record.
Follow onscreen instructions.
Reset and remove the CD from CD-ROM drive.


On Windows Vista and 7:

Insert the Windows CD into the CD-ROM drive and restart the computer.
Click on "Repair Your Computer".
When the System Recovery Options dialog comes up, choose the Command Prompt.
Issue 'bootrec /fixmbr' command to restore the Master Boot Record.
Follow onscreen instructions.
Reset and remove the CD from CD-ROM drive.

N/A. Downloaders are not viruses, and as such do not themselves contain any method to replicate. However they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system.

Many of these additionally are mass spammed by the author to entice people into activating them.

Alternatively, they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Downloader onto the user's system with no user interaction).

 

Upon execution, the trojan attempts to download files from the site: http://ijk.cc/E/[REMOVED]