Trojan.Exploit.JS.G
HIGH
MEDIUM
5,372
(Trojan-Downloader.JS.Agent.byr, JS/Mult.M, JS.Agent.HG)
Symptoms
A firewall might warn you about connections to certain sites (such as http://www.????el.com/back.css).
Removal instructions:
This malware is not resident on your computer. Avoid the infected sites!
Analyzed By
Deac Razvan-Ioan, virus researcher
Technical Description:
When an infected site is accessed, the web browser runs a script that exploits a buffer overflow vulnerability in certain versions of the Real Player ActiveX plugin. By doing so, the malware manages to run its own code on the host machine. This code connects to http://www.????el.com/back.css and tries to download a file. When this description was made, the URL was not active.