Virus Profile: JS/Wonka

Threat Search

Virus Profile information details
Risk Assessment:	Home Low-Profiled \| Corporate Low-Profiled
Date Discovered:	9/8/2005
Date Added:	9/8/2005
Origin:	N/A
Length:	various
Type:	Trojan
Subtype:	Script
DAT Required:	4577
Removal Instructions

Overview
Virus Characteristics
Removal Instructions

Description

-- Update August 24, 2007 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=4825

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Indication of Infection

Vary

Methods of Infection

JS/Wonka may be used as a means to load other malicious scripts and exploit trojans.

Back to Top
View Virus Characteristics

Virus Characteristics

-- Update August 24, 2007 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=4825
--
-- Update September 28, 2005 --
Several cases have been reported to AVERT as potential incorrect identifications of JS/Wonka, which turned out to be accurate hits. These observations were typically made upon visiting hacked web pages. These hacked pages have an IFRAME inserted that point to an external website containing malware such as Exploit-Codebase, Exploit-ANIFile, W32/Dumaru.gen, and Exploit-MhtRedir.gen.

This is a generic detection for highly obfuscated JavaScript. The signature is based on specfic characteristics of the encryption.
Because this is a generic detection there is no specific description of the activity undertaken by JavaScript detected under this name, however these can include malicious activity such as downloading and executing files.

Please submit samples that you think may be false alarms to virus_research@avertlabs.com.

Back to Top
Back To Overview View Removal Instructions

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Back to Top
View Virus Characteristics

Virus Information

Virus Removal Tools

Threat Activity

Top Tracked Viruses

Virus Hoaxes

Regional Virus Information

Global Virus Map

Virus Calendar

Glossary

Anti-Virus Tips

Display Threat Alerts on Your Site

Indications of Infection:

Risk Assessment:

Date Discovered:

Type/Sub-Type: