Exploit.Html.Ieslice.P

VERY HIGH
LOW
~ 10 Kb

Symptoms

        This is a downloader script, so you will most likely notice the effects of the malware it downloads. The malware that this script downloads is now detected as Trojan.Proxy.Ranky.GG.





Removal instructions:

Please let BitDefender disinfect your computer.

Analyzed By

Mihai Cimpoesu, Virus Researcher

Technical Description:

        It comes as an embedded, heavily obfuscated JS script inside an HTML page that displays the "404 - Document not found" error message.

        It exploits the Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability to execute the download code stored in a JS unescape sequence, which then downloads the malware found at the address http://lakisman.info/logo/[removed]

        If this exploit fails, the script has a second way to download the malware: it uses a vulnerability in the ADODB.Stream object in Internet Explorer. A description of this vulnerability can be found here: http://support.microsoft.com/default.aspx?scid=kb;EN;870669
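
A static triage check for pages like the one described above, as an added example that is not Bitdefender's detection logic or code from the original page: it undoes literal `unescape()` calls and string concatenation without executing anything, then looks for the two object names mentioned in the description. The function names, the 32-token threshold and the sample page are assumptions constructed for illustration.

```python
import re

# Object names taken from the description above; matching is case-insensitive.
INDICATORS = ("WebViewFolderIcon", "ADODB.Stream")

UNESCAPE_CALL = re.compile(r"""unescape\s*\(\s*(["'])(.*?)\1\s*\)""", re.I | re.S)
ESCAPE_TOKEN = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
STRING_JOIN = re.compile(r"""["']\s*\+\s*["']""")
LONG_ESCAPE_RUN = re.compile(r"(?:%u[0-9a-fA-F]{4}){32,}")  # assumed threshold


def js_unescape(text):
    """Static equivalent of JavaScript unescape() for %uXXXX and %XX tokens."""
    return ESCAPE_TOKEN.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)


def peel(script, max_rounds=5):
    """Undo literal unescape("...") calls and "a" + "b" joins until stable."""
    for _ in range(max_rounds):
        step = UNESCAPE_CALL.sub(
            lambda m: m.group(1) + js_unescape(m.group(2)) + m.group(1), script)
        step = STRING_JOIN.sub("", step)
        if step == script:
            break
        script = step
    return script


def scan_page(html):
    """Return triage findings for one HTML page; nothing is executed."""
    raw, decoded = html.lower(), peel(html).lower()
    hits = [name for name in INDICATORS if name.lower() in decoded]
    hidden = [name for name in hits if name.lower() not in raw]
    runs = len(LONG_ESCAPE_RUN.findall(html))
    return {"indicators": hits, "hidden": hidden, "long_escape_runs": runs,
            "error_page_text": "document not found" in raw,
            "suspicious": bool(hits) and (bool(hidden) or runs > 0)}


# Constructed, inert sample: the escaped run is filler, not a payload.
SAMPLE_PAGE = (
    "<html><head><title>404 - Document not found</title></head><body>"
    "<script>var a = unescape('%57%65%62%56%69%65%77') + 'Folder' + 'Icon';"
    "var b = 'ADO' + 'DB.' + unescape(\"%53%74%72%65%61%6d\");"
    "var pad = unescape('" + "%u4141" * 40 + "');</script></body></html>"
)

if __name__ == "__main__":
    print(scan_page(SAMPLE_PAGE))
```

A page is marked suspicious only when an object name was hidden behind escaping or concatenation, or appears alongside a long escaped run; a plain mention of the names in readable text is reported under `indicators` but not flagged.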