Troj/JSAgent-CK is Delivered in Malicious Email Attachments
The Malicious Email Message Associated with Troj/JSAgent-CK
The Troj/JSAgent-CK email message claims to contain information about a rejected money transfer. The attached HTML file is what is actually detected as the Troj/JSAgent-CK Trojan. There are several variants of the message, but all of them use subject lines relating to a supposed ‘Wire Transfer’ rejection or confirmation, and some include a fake confirmation. The Troj/JSAgent-CK Trojan itself is contained in a file named Wire_AMBA01-Rejected.htm. When this file is opened, the computer user sees a message that says ‘Please wait a moment. You will be forwarded…’ In the background, however, a malicious script runs and directs the victim to a compromised Russian website that uses the Blackhole exploit kit to attack the victim’s computer. This happens in a matter of seconds and can often occur without the victim realizing what has happened. The same malicious website and method have been used in recent months to attack computer users with fake email messages from Facebook (with three ‘o’s) and bogus airline ticket confirmation email messages.
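The traits described above (a ‘Wire Transfer’ subject, an HTML attachment, the ‘You will be forwarded’ text and a script in the attachment) can be checked at a mail gateway or during triage. The following Python is an added example, not part of the original write-up and not a vendor signature; the function names, the list-of-reasons output and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators taken from the description above; how they are combined is an assumption.
SUBJECT_RE = re.compile(r"wire\s+transfer", re.I)
LURE_RE = re.compile(r"please\s+wait\s+a\s+moment.{0,40}you\s+will\s+be\s+forwarded", re.I | re.S)
SCRIPT_RE = re.compile(r"<script\b", re.I)

def triage(raw_message: str) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the described pattern."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("subject mentions a wire transfer")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not name.endswith((".htm", ".html")):
            continue
        reasons.append(f"HTML attachment: {name}")
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        if LURE_RE.search(body):
            reasons.append("attachment shows the 'You will be forwarded' lure")
        if SCRIPT_RE.search(body):
            reasons.append("attachment contains a script element")
    return reasons

def build_sample(subject: str, filename: str, text: str, subtype: str) -> str:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.com", "b@example.com"
    m.set_content("See attached.")
    m.add_attachment(text, subtype=subtype, filename=filename)
    return m.as_string()

# Constructed, inert HTML: the lure text plus an empty script element.
SAMPLE_HTML = ("<html><body><h1>Please wait a moment. You will be forwarded...</h1>"
               "<script>/* placeholder, no payload */</script></body></html>")

if __name__ == "__main__":
    raw = build_sample("Wire Transfer Rejected", "Wire_AMBA01-Rejected.htm", SAMPLE_HTML, "html")
    for reason in triage(raw):
        print(reason)
```

A message that triggers all four reasons is a strong candidate for quarantine; any single reason on its own (for example, a legitimate bank notice with a ‘Wire Transfer’ subject) is only a hint.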
How Can You Detect Troj/JSAgent-CK?
Troj/JSAgent-CK Removal Details
Troj/JSAgent-CK creates the following files in the system: