PUBLIC MARKS from nr23 with tag js_dloader.kqz

This JavaScript is usually embedded in a malicious Web site and is run on a system when a user visits the said Web site. When executed, it connects to the following malicious HTML sites: * http://{BLOCKED}521.com/ff.htm * http://{BLOCKED}521.com/gg.htm Trend Micro detects the script in the abovementioned HTML sites as JS_DLOADER.KQZ. The said sites contain codes that download and execute a file named W1C.EXE, which Trend Micro detects as TROJ_ZLOB.BZE. As a result, the routines of the related Trojan may be exhibited on the affected system.