Trojan.VBS.Psyme.UT
SYMPTOMS: Increased Internet activity.

TECHNICAL DESCRIPTION: This is a malicious JavaScript that was part of a major attack that took place in the first half of May 2008. Visiting any compromised site is enough to get infected with this malicious script. It tests for several vulnerable components and inserts IFRAME tags that point to the attacker's other malicious scripts:

"http://err.www4[...]/614.gif"
"http://err.www4[...]/real10.gif"
"http://err.www4[...]/bf.gif"
"http://err.www4[...]/lz.gif"
"http://err.www4[...]/real11.gif"
"http://js.ton[...]hoo.com/621252/ystat.js"

Vulnerabilities exploited by those scripts are:

(CVE-2007-1765) MS06-14
(CVE-2007-4816) Baofeng Storm MPS.StormPlayer
(CVE-2007-5722) GLCHAT.GLChatCtrl.1 ActiveX
(CVE-2007-5601) RealPlayer IERPCtl.IERPCtl.1

All of those malicious scripts download and execute trojans on your computer. At the time of analysis, those trojans were detected as:

Trojan.Downloader.Agent.YTX
Win32.Almanahe.D

Removal instructions: Please let BitDefender delete your infected files.

ANALYZED BY: Marius TIVADAR, virus researcher
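
A defender-side check for the behaviour described above, as an added example that is not BitDefender's detection logic: it scans a saved page for IFRAME tags (static, or written out by inline script) that point off-site, and for inline script that references the ActiveX ProgIDs the description lists. The function name, finding labels and sample hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# ActiveX ProgIDs the description above names as targeted components.
PROGIDS = ("MPS.StormPlayer", "GLCHAT.GLChatCtrl.1", "IERPCtl.IERPCtl.1")
# Constructed sample page (hosts are placeholders, not from the write-up).
SAMPLE = """<html><body><iframe src="/ads/banner.html"></iframe>
<script>try { new ActiveXObject("IERPCtl.IERPCtl.1");
document.write('<iframe src="http://files.example.net/a.gif" width=0></iframe>');
} catch (e) {}</script></body></html>"""


class _Collector(HTMLParser):
    """Collects iframe src values and the text of inline <script> blocks."""
    def __init__(self):
        super().__init__()
        self.iframes, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs).get("src") or "")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def scan_page(html, page_host):
    """Return sorted findings for one saved page served from page_host."""
    c = _Collector()
    c.feed(html)
    c.close()
    js = "\n".join(c.scripts)
    findings = set()
    # Static iframes plus iframes a script writes out as a string.
    srcs = c.iframes + re.findall(r"<iframe[^>]*?\bsrc\s*=\s*['\"]?([^'\"\s>]+)", js, re.I)
    for src in srcs:
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        if host and host != page_host.lower():
            findings.add("offsite-iframe:" + host)
    findings.update("activex-probe:" + p for p in PROGIDS if p.lower() in js.lower())
    return sorted(findings)
```

Calling `scan_page(SAMPLE, "www.example.com")` reports the off-site IFRAME and the RealPlayer ProgID reference; legitimate pages that embed third-party frames will also be reported, so the findings are triage leads rather than verdicts.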