Trojan.Malscript!html

Risk Level 1: Very Low

Discovered: January 15, 2008
Updated: April 23, 2010 8:50:57 AM
Type: Trojan, Virus
Infection Length: Varies
Systems Affected: Linux, Mac OS X, Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Trojan.Malscript!html is a detection name used by Symantec to identify HTML files that contain malicious JavaScript.

HTML files may contain malicious content for a number of reasons. The files may have been specially crafted to be intrinsically malicious, or they may be legitimate HTML files that have been infected by threats such as W32.Ramnit or W32.Fujacks.CE. The files may be downloaded onto the computer during Web browsing, by other malware, inside archive files, and through various other methods.

With the Web browser now used for online shopping, banking, social networking, and entertainment, it has become one of the most popular targets for attackers. The attack surface is large, with third-party plugins and extensions that extend browser capabilities also being vulnerable to attack. Browser compromise can therefore be the cause of some of the most significant security breaches and hence can cause a great deal of harm to compromised computers and the victims of the attacks.

Authors of malicious JavaScript may go to lengths to ensure that their code is obfuscated so that its functionality is hidden from casual observers and to complicate the task of analysis. Obfuscation may also be used in an attempt to create code that is able to circumvent security software.

When injected into an HTML file, malicious JavaScript can:
  • Exploit browser and plugin vulnerabilities to run arbitrary code
  • Display fake antivirus scans and other fraudulent information
  • Download JavaScript, HTML, and other files
  • Hijack browsing sessions
  • Redirect users to malicious websites
  • Steal information
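
A heuristic triage pass over an HTML file for the obfuscation and injection behaviours described above, given as an added example. It is not Symantec's detection logic; the indicator names, regular expressions, and the constructed SAMPLE page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics for triage; none of these come from Symantec's signatures.
INDICATORS = {
    "dynamic_eval": re.compile(r"\b(?:eval|Function)\s*\("),
    "string_decoding": re.compile(r"\b(?:unescape|atob|String\.fromCharCode)\s*\("),
    "dom_injection": re.compile(r"document\.write(?:ln)?\s*\("),
    "encoded_blob": re.compile(r"(?:%u?[0-9a-fA-F]{2,4}){20,}|(?:\\x[0-9a-fA-F]{2}){20,}"),
}

class ScriptAudit(HTMLParser):
    # Collects inline script bodies, external script URLs and hidden iframes.
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts, self.findings = False, [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
            if a.get("src"):
                self.findings.append(("external_script", a["src"]))
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append(("hidden_iframe", a.get("src", "")))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data  # script text can arrive in several chunks

def audit_html(text):
    """Return (indicator, evidence) pairs that justify a closer manual look."""
    parser = ScriptAudit()
    parser.feed(text)
    parser.close()
    for body in parser.scripts:
        hits = [n for n, rx in INDICATORS.items() if rx.search(body)]
        parser.findings += [(n, body.strip()[:40]) for n in hits]
    return parser.findings

# Constructed sample page: a harmless decoded string and a 1x1 iframe.
SAMPLE = ('<html><body><script>document.write(unescape("%48%65%6c%6c%6f"));</script>'
          '<iframe src="http://example.invalid/x" width="1" height="1"></iframe></body></html>')
```

Legitimate pages also use these constructs, so a hit is a reason to inspect the file, not a verdict.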

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version January 18, 2008 revision 040
  • Latest Rapid Release version June 24, 2014 revision 006
  • Initial Daily Certified version January 18, 2008 revision 007
  • Latest Daily Certified version March 27, 2014 revision 034
  • Initial Weekly Certified release date January 16, 2008

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: May download files or redirect the user to malicious URLs
  • Releases Confidential Info: May steal information

Distribution

  • Distribution Level: Low

Writeup By: Henry Bell
