Mal/ExpJS-AA

By Domesticus in Malware

Threat Scorecard

Ranking: 7,530
Threat Level: 20 % (Normal)
Infected Computers: 3,784
First Seen: February 22, 2012
Last Seen: September 19, 2023
OS(es) Affected: Windows

ESG security researchers have received several reports of computer users receiving an email message with a file attachment that supposedly contains a changelog. However, analysis of the attached file reveals that it is actually a malicious script designed to direct the victim to various attack websites, including one using the Mal/ExpJS-AA JavaScript Exploit. Once the victim visits the website containing the Mal/ExpJS-AA attack, this malware threat will attempt to inject a Trojan downloader onto the victim's computer system, which then creates a backdoor into the infected computer through which a criminal can gain access.

Modern malware attacks use several components and attempt to carry out their attack through several simultaneous avenues. This makes them more difficult to disrupt, since doing so would require taking out several different components at once. Mal/ExpJS-AA is only the beginning of a severe malware attack that can end with the victim's computer falling into the hands of a criminal on a remote server. Having taken over the infected computer, a hacker can use it to perform illegal operations, access any data on the infected computer or attempt to steal the victim's credit card and banking information.

To prevent a Mal/ExpJS-AA attack, it is essential to ensure that your anti-malware software, web browser, operating system and JavaScript application are all fully updated. It is also important to disable JavaScript for websites that you do not frequent, which is often done automatically when setting your web browser security settings to their maximum strength.

The Mal/ExpJS-AA Phishing Email

Of course, the most important thing that you can do to prevent becoming a victim of a Mal/ExpJS-AA attack is to avoid opening any file attachments contained in unsolicited email messages. Since these are some of the most common sources of malware, legitimate companies will always avoid sending you unsolicited email messages containing file attachments. The Mal/ExpJS-AA phishing email will typically be very similar to the following example:

Re: Your Changelog
Good day,
as promised chnglog attached (Open with Internet Explorer)

The attached file will be an HTM file that actually runs a script designed to force your web browser to connect to several attack websites without your knowledge. While the script is being executed, you will be shown a message claiming that you are being redirected and that you should wait while the website loads. However, while the victim is waiting for this supposed redirect, the script is actually connecting to various malicious websites in the background. At least one of these malicious websites attempts to exploit a known vulnerability in PDF files and Adobe Reader; the Mal/ExpJS-AA attack website attempts to exploit a known JavaScript vulnerability; and others attempt to attack your computer system using several exploits in the Windows Operating System.
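A static triage check for the kind of HTM attachment described above, as an added example that is not part of the original write-up or of any vendor tool: it lists the remote hosts the file would contact when opened and flags decoy "redirecting" text combined with hidden frames or multiple remote hosts. The sample markup, the keyword and hidden-frame heuristics, and the names `AttachmentScan` and `triage` are assumptions, since the page does not say how the script loads its targets.

```python
import re
from html.parser import HTMLParser

# Constructed sample attachment (not a real specimen); hosts use the reserved .example TLD.
SAMPLE_HTM = """<html><body><h1>Please wait</h1>
<p>You are being redirected, the page is loading...</p>
<iframe src="http://a.example/x" width="1" height="1"></iframe>
<iframe src="http://b.example/y" style="display: none"></iframe>
<script src="http://c.example/z.js"></script>
<script>window.location = "http://d.example/landing";</script></body></html>"""

DECOY = re.compile(r"\b(redirect(ed|ing)?|please wait|loading)\b", re.I)
HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)  # host part of absolute URLs

class AttachmentScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts, self.hidden_frames, self.decoy, self.in_script = set(), 0, False, False

    def add(self, text):
        self.hosts.update(h.lower() for h in HOST.findall(text))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.in_script = tag == "script"
        if tag in ("iframe", "script", "embed"):
            self.add(a.get("src", ""))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.add(a.get("content", ""))
        if tag == "iframe":  # frames the reader cannot see
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            self.hidden_frames += int(tiny or "display:none" in style)

    def handle_endtag(self, tag):
        self.in_script = False  # inside <script> only </script> is parsed as a tag

    def handle_data(self, data):
        if self.in_script:
            self.add(data)  # URLs embedded in inline script text
        elif DECOY.search(data):
            self.decoy = True  # visible "redirecting, please wait" text

def triage(html):
    s = AttachmentScan()
    s.feed(html)
    s.close()
    flagged = s.decoy and (len(s.hosts) >= 2 or s.hidden_frames > 0)  # assumed heuristic
    return {"hosts": sorted(s.hosts), "hidden_frames": s.hidden_frames,
            "decoy": s.decoy, "suspicious": flagged}
```

Ordinary links (`<a href>`) are deliberately not counted, because they require a click; only content the browser fetches on its own when the file is opened contributes to the host list.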

URLs

Mal/ExpJS-AA may call the following URLs:

bismuni.com