
Exploit.SWF.Gen

Spreading: medium
Damage: medium
Size: 846
Discovered: 2008 May 28

SYMPTOMS:

  The presence of some Trojan.PWS files and an outdated version of FlashPlayer.

TECHNICAL DESCRIPTION:

Specially crafted SWF (Flash) files allow remote file execution when the client has a vulnerable FlashPlayer. A malformed value in an SWF record triggers a buffer overflow. The size of the SWF files varies. The payload is usually download-and-execute shellcode, used to download and run a PasswordStealer trojan. It seems that all versions of FlashPlayer up to 9.0.124.0 are vulnerable (though we saw malicious pages trying to exploit only versions 115 and 47). We recommend keeping FlashPlayer up to date. Also, keep the BitDefender shield active.

Removal instructions:

This file can't be disinfected. Just keep the shield up. Please let BitDefender disinfect your computer (if the exploit succeeded, it is 99% likely that you have a Trojan.PWS on your computer).

ANALYZED BY:

Alexandru Maximciuc, virus researcher