This JavaScript may be hosted on a Web site and run when a user accesses the said Web site. Once a user visits the Web site hosting this malware, it downloads a file.

It takes advantage of the vulnerability in Microsoft Data Access Components (MDAC). That allows the scripts to download and execute malicious files.

More information of the said vulnerability is available in the following Web site:

Microsoft Security Bulletin MS06-014
It uses Microsoft.XMLHTTP object with CLSID BD96C556-65A3-11D0-983A-00C04FC29E36 and ADODB.Stream objects to download the file.

The Microsoft.XMLHTTP object is one of Microsoft's suite of XML DOM (Document Object Model) components that are initially designed to provide client-side access to XML documents on remote servers through the HTTP protocol. The said object is used to request or send any type of document.

The ADODB.Stream object is used to read, write, and manage a stream of binary data or text. Note that VBScript and JavaScript do not usually have capabilities to read and write files because they are programmed as safe client-side programming languages. To work with files, the use of a built-in or external ActiveX or COM object, such as Microsoft.XMLHTTP and ADODB.Stream objects, is required.



More...