This JavaScript arrives as an attachment to email messages spammed by other malware or by a malicious user. It may be hosted on a Web site and run when a user accesses that Web site. It is usually embedded in HTML documents and executes when a user views those HTML documents.
It exploits a known vulnerability in Internet Explorer to download and execute a certain file. The vulnerability is further discussed in the following Microsoft Web page:
- Microsoft Security Bulletin MS05-054
It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.