Saturday, June 26, 2004


F-Secure Computer Virus Information Pages: Scob

NAME: Scob
ALIAS: JS.Scob.Trojan, JS/Scob
ALIAS: JS.Toofer, JS/Exploit-DialogArg.b


Scob is a trojan downloader written in JavaScript. It has been found from a number of web sites at June 24th, 2004. The trojan has been found to be appended to existing files at those web servers, for example pictures such as jpeg files. Accoding to reports, the script has not been appeded by modifying the actual files on the server but using the so called footer feature from Microsoft's Internet Information Server.

When executed, the trojan attepts to use an invisible frame to connect to a page at a remote web site. At the time of writing, the page in the web site is not available. While the page is not currently available, there has been reports that this downloader has been used to install variants of Padodor backdoor. Further information about Padodor is available at: http://www.f-secure.com/v-descs/padodorw.shtml

The trojan also sets a cookie on the system, causing that it will attempt to connect the remote site no often than once every week.

Further information about this case is also available from Microsoft: http://www.microsoft.com/security/incident/download_ject.mspx


Detection in F-Secure Anti-Virus was published on June 25th, 2004 in update:




Post a Comment

<< Home

Get Firefox!