Threat Database Trojans Mal/ExpJS-AV

Mal/ExpJS-AV

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 10
First Seen: November 25, 2012
Last Seen: April 25, 2021
OS(es) Affected: Windows

Mal/ExpJS-AV is a Blackhole exploit JavaScript Trojan that proliferates via a spam email message posing as an invoice from Apple for a $699.99 postcard. The bogus Apple invoice email includes a web-link 'View/Download', which if clicked, downloads the file called 'download.jpg.exe', while the 'Cancel' and 'Not your order' web-links download the file called 'check.php'. If a PC user clicks on any of the web-links, he/she is rerouted to an unrelated website declaring to be the IRS and saying the PC user is not using a supported web browser. Once this web page is illustrated, in the common way of the Blackhole exploit kit, it aims at delivering exploits, found as Mal/ExpJS-AV, against Adobe Flash Player, Adobe Reader and Oracle Java. If any of these are successful, it takes over the targeted PC with the Zeus/ZBot Trojan. If any of these do not work, the image has links for downloading an 'up-to-date' version of these Internet browsers that simply downloads a file called 'update.exe'. If the computer user is exploited or downloads and runs the file his/her PC is corrupted by the Zeus/ZBot Trojan, which is produced to log keystrokes and hijack bank accounts.

File System Details

Mal/ExpJS-AV may create the following file(s):
# File Name Detections
1. update.exe
2. download.jpg.exe
3. check.php

Trending

Most Viewed

Loading...
Enigmasoftware.com uses cookies to provide you with a better browsing experience and analyze how users navigate and utilize the Site. By using this Site or clicking on "OK", you consent to the use of cookies. Learn more.

WAIT! DON'T RISK Leaving Your PC Unprotected

Detect, remove and block Mal/ExpJS-AV and other threats with SpyHunter (FREE Trial)

Get Protected Now (Free Trial!)*
* See Free Trial offer below. EULA and Privacy/Cookie Policy.