
JS_DLOADER.SMGA

Posted: June 29, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 33
First Seen: June 29, 2012
OS(es) Affected: Windows

JS_DLOADER.SMGA is a Trojan downloader that uses a recent Internet Explorer exploit to install a second PC threat, BKDR_AGENT.BCSG. BKDR_AGENT.BCSG then makes malicious modifications to Windows components, places an additional file on the computer and deletes itself to avoid detection. These attacks place your PC at a high risk of being compromised in a variety of ways, including losing personal information or inadvertently allowing criminals to control your computer. Because JS_DLOADER.SMGA may be downloaded even from otherwise safe websites that have been hacked, SpywareRemove.com malware researchers encourage you to use anti-malware protection if you insist on browsing the web with IE8 (which should be updated to close vulnerabilities like the one JS_DLOADER.SMGA exploits).

That 'Pic' That JS_DLOADER.SMGA Slaps Onto Your Hard Drive is Worse Than It Seems

JS_DLOADER.SMGA is a browser-based PC threat for Internet Explorer 8, and uses the vulnerability labeled CVE-2012-1875 to install the backdoor Trojan BKDR_AGENT.BCSG on your PC. Similar attacks by other PC threats can also use this vulnerability to install other forms of malicious software by way of hacked sites, malicious sites and compromised advertising networks. Since this vulnerability has been patched by Microsoft, updating IE8 should be adequate for protecting your computer from this particular exploit, if not necessarily from all similar attacks.

Although JS_DLOADER.SMGA bypasses default IE protections such as Data Execution Prevention in the course of its attack, its only payload is the installation of BKDR_AGENT.BCSG. JS_DLOADER.SMGA places BKDR_AGENT.BCSG on your hard drive disguised as a .jpg file; BKDR_AGENT.BCSG deletes itself after completing its own attacks, which leave a backdoor open on your PC.

Saving Your Hard Drive from JS_DLOADER.SMGA and Why You Should Care

Backdoor exploits like those that are ultimately caused by JS_DLOADER.SMGA can be used to install practically any other type of PC threat, modify your system settings in dangerous ways, steal personal information and launch other attacks without explicit or visible symptoms. Because of the danger involved in a successful JS_DLOADER.SMGA attack, the SpywareRemove.com malware research team suggests using anti-malware scans to detect potential JS_DLOADER.SMGA payloads if you have any reason to suspect that your PC could have been targeted by JS_DLOADER.SMGA.

However, non-Windows PCs, browsers other than IE8 and browsers with JavaScript disabled are safe from JS_DLOADER.SMGA, which can only run in IE8 with JavaScript enabled. Strong browser settings, such as disabling JavaScript, are always recommended by SpywareRemove.com malware experts as an easy method for closing off common infection vectors used by hacked and hostile sites. Even so, these safeguards should never take the place of anti-malware programs that can detect threats exploiting zero-day vulnerabilities, which are adept at evading baseline web-browsing defenses.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.html
  Size: 11.33 KB (11337 bytes)
  MD5: e05a487dd056046a345632d734737f5e
  Detection count: 99
  Mime Type: unknown/html
  Group: Malware file
  Last Updated: July 2, 2012

File name: ver1.html
  Size: 18.12 KB (18126 bytes)
  MD5: 085933ac6c62181a9fcbbc6e2a2f5bde
  Detection count: 1
  Mime Type: unknown/html
  Group: Malware file
  Last Updated: July 2, 2012

File name: %User Temp%\log.gif
  Mime Type: unknown/gif
  Group: Malware file

File name: nav.html
  Size: 18.12 KB (18128 bytes)
  MD5: d0f88e2cc744093fe25479a2c964e2fe
  Detection count: 0
  Mime Type: unknown/html
  Group: Malware file
  Last Updated: July 2, 2012
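As an added defender-side example (not code from this page or from any vendor tool), the following Python script checks a directory for the two things the page describes: files whose MD5 matches one of the hashes listed above, and files carrying an image extension such as .jpg or .gif whose content is not actually an image (for instance a PE executable dropped under a picture name). The sample files it builds are constructed for illustration and are not real malware.

```python
import hashlib
import os
import tempfile
# MD5 values from the file table above, mapped to the listed file names.
KNOWN_BAD_MD5 = {
    "e05a487dd056046a345632d734737f5e": "file.html",
    "085933ac6c62181a9fcbbc6e2a2f5bde": "ver1.html",
    "d0f88e2cc744093fe25479a2c964e2fe": "nav.html",
}
# Expected leading bytes for the image extensions the dropper abuses.
IMAGE_MAGIC = {".jpg": (b"\xff\xd8\xff",), ".gif": (b"GIF87a", b"GIF89a")}

def classify_file(path):
    """Findings for one file: known-bad hash and/or image name hiding non-image data."""
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    digest = hashlib.md5(data).hexdigest()
    if digest in KNOWN_BAD_MD5:
        findings.append("known-bad MD5 (%s)" % KNOWN_BAD_MD5[digest])
    ext = os.path.splitext(path)[1].lower()
    if ext in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[ext]):
        kind = "PE executable" if data.startswith(b"MZ") else "non-image data"
        findings.append("extension %s but %s" % (ext, kind))
    return findings

def scan_directory(directory):
    """Map each suspicious file name in a directory to its findings."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            findings = classify_file(path)
            if findings:
                results[name] = findings
    return results

# Constructed samples (not real malware): a genuine GIF, a PE stub named like
# the page's %User Temp%\log.gif, and an HTML document named as a .jpg.
SAMPLES = {
    "real.gif": b"GIF89a" + b"\x00" * 16,
    "log.gif": b"MZ\x90\x00" + b"\x00" * 60,
    "pic.jpg": b"<html>not a picture</html>",
}

def build_sample_dir():
    d = tempfile.mkdtemp()  # fresh temp directory holding the constructed samples
    for name, content in SAMPLES.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(content)
    return d
```

Pointing scan_directory at a user's temp folder reports any image-named file that is really an executable, which is the disguise this downloader relies on; the hash check only catches the exact files listed above.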