1. Symantec/
  2. Security Response/
  3. Trojan.Malscript!html


Risk Level 1: Very Low

January 15, 2008
April 23, 2010 8:50:57 AM
Trojan, Virus
Infection Length:
Systems Affected:
Linux, Mac, Windows
Trojan.Malscript!html is a detection name used by Symantec to identify HTML files that contain malicious JavaScript.

HTML files may contain malicious content for a number of reasons. The files may have been specially crafted to be intrinsically malicious, or they may be legitimate HTML files that have been infected by threats such as W32.Ramnit or W32.Fujacks.CE. The files may be downloaded on to the computer during Web browsing, by other malware, inside archive files, and through various other methods.

With the Web browser now used for online shopping, banking, social networking, and entertainment, it has become one of the most popular targets for attackers. The attack surface is large, with third-party plugins and extensions that extend browser capabilities also being vulnerable to attack. Browser compromise can therefore be the cause of some of the most significant security breaches and hence can cause a great deal of harm to compromised computers and the victims of the attacks.

Authors of malicious JavaScript may go to lengths to ensure that their code is obfuscated so that its functionality is hidden from casual observers and to complicate the task of analysis. Obfuscation may also be used in an attempt to create code that is able to circumvent security software.

When injected into an HTML file, malicious JavaScript can:
  • Exploit browser and plugin vulnerabilities to run arbitrary code
  • Display fake antivirus scans and other fraudulent information
  • Download JavaScript, HTML, and other files
  • Hijack browsing sessions
  • Redirect users to malicious websites
  • Steal information

If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.

Antivirus Protection Dates

  • Initial Rapid Release version January 18, 2008 revision 040
  • Latest Rapid Release version March 18, 2018 revision 041
  • Initial Daily Certified version January 18, 2008 revision 007
  • Latest Daily Certified version March 19, 2018 revision 003
  • Initial Weekly Certified release date January 16, 2008
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Henry Bell

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube