BitDefender Antivirus

Exploit.Html.Ieslice.P

Spreading: very high
Damage: low
Size: ~ 10 Kb
Discovered: 2007 Aug 31

SYMPTOMS:

        This is a downloader script, so you will most likely notice the effect of the malware it downloads. The malware that this script downloads is now detected as Trojan.Proxy.Ranky.GG





TECHNICAL DESCRIPTION:

        It comes as an embedded, heavily obfuscated JS script inside an HTML page that displays the "404 - Document not found" error message.

        It exploits the Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability to execute download code stored in a JS unescape sequence, which then downloads the malware found at http://lakisman.info/logo/[removed]

        If this exploit fails, the script has a second way to download the malware: a vulnerability in the ADODB.Stream object from Internet Explorer. A description of this vulnerability can be found here: http://support.microsoft.com/default.aspx?scid=kb;EN;870669
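
A static triage check for the traits described above, added here as an example and not BitDefender's detection logic: it flags HTML that pairs a script-bearing 404 page or a long unescape data run with one of the two control names. The function names, the threshold and the sample pages are assumptions, and the control names are matched only where they appear in plain text, so heavily obfuscated pages need deobfuscation first.

```python
import re

# Heuristic traits taken from the description above; thresholds are assumptions.
ACTIVEX_NAMES = ("WebViewFolderIcon", "ADODB.Stream")
UNESCAPE_CALL = re.compile(r"unescape\s*\(\s*([\"'])(.*?)\1", re.I | re.S)
ENCODED_UNIT = re.compile(r"%u[0-9a-f]{4}|%[0-9a-f]{2}", re.I)
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
FAKE_404 = re.compile(r"\b404\b.{0,40}not\s+found", re.I | re.S)
MIN_ENCODED_UNITS = 16  # assumed cut-off for "payload-sized" unescape data


def scan_html(html):
    """Return a sorted list of trait names found in one HTML document."""
    traits = set()
    scripts = SCRIPT_BLOCK.findall(html)
    # An error page has no reason to carry script at all.
    if scripts and FAKE_404.search(html):
        traits.add("script-in-404-page")
    for body in scripts:
        for name in ACTIVEX_NAMES:
            if name.lower() in body.lower():
                traits.add("activex:" + name)
        for _, arg in UNESCAPE_CALL.findall(body):
            if len(ENCODED_UNIT.findall(arg)) >= MIN_ENCODED_UNITS:
                traits.add("long-unescape-data")
    return sorted(traits)


def is_suspicious(html):
    """Flag pages that name a control and show at least one other trait."""
    traits = scan_html(html)
    has_control = any(t.startswith("activex:") for t in traits)
    return has_control and len(traits) >= 2


# Constructed samples: inert filler data, no real payload or exploit logic.
SAMPLE_FLAGGED = (
    "<html><body><h1>404 - Document not found</h1>"
    "<script>var d = unescape('" + "%u4141" * 20 + "');"
    "var o = new ActiveXObject('WebViewFolderIcon.WebViewFolderIcon.1');"
    "</script></body></html>"
)
SAMPLE_BENIGN = "<html><body><h1>404 - Document not found</h1></body></html>"

if __name__ == "__main__":
    print(scan_html(SAMPLE_FLAGGED), is_suspicious(SAMPLE_FLAGGED))
    print(scan_html(SAMPLE_BENIGN), is_suspicious(SAMPLE_BENIGN))
```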

REMOVAL INSTRUCTIONS:

Please let BitDefender disinfect your computer.

ANALYZED BY:

Mihai Cimpoesu, Virus Researcher