Trojan.Exploit.JS.O

HIGH
HIGH
varies

Symptoms

The exploitation does not show any signs until the attacker infiltrates the system.

Removal instructions:

Update the products you are using. Set the kill bit to zero for the affected ActiveX controls until the update.

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

The malware is a script written in JavaScript. It is part of the known redirection and infection chains described in Trojan.Exploit.SSX (or, later, Trojan.Exploit.ANNZ).

The technique is basically the same, but the malware has evolved and new exploits have been added:
  1. CVE-2008-0647, which uses a buffer overflow in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29.
  2. CVE-2007-0071, a vulnerability in Adobe Flash Player, which uses the d27cdb6e-ae6d-11cf-96b8-444553540000 CLSID.
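
For the kill-bit step in the removal instructions, the following PowerShell script is an added example, not BitDefender's own tooling. It reports whether the Internet Explorer kill bit is present for the two controls named above and, with the hypothetical `-Apply` switch, adds it. It relies on the kill bit being bit 0x400 of the "Compatibility Flags" value under the "ActiveX Compatibility" registry key, and it resolves the HanGame ProgID to a CLSID locally because this page does not list that CLSID.

```powershell
# Added example: audit (and optionally set) the IE kill bit for the controls
# named on this page. Run elevated when using -Apply (writes to HKLM).
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$KillBit = 0x400        # kill-bit flag inside the "Compatibility Flags" DWORD
$Targets = @(
    @{ Name = 'Adobe Flash Player (CVE-2007-0071)'; Clsid  = '{D27CDB6E-AE6D-11CF-96B8-444553540000}' },
    @{ Name = 'Ourgame GLWorld (CVE-2008-0647)';    ProgId = 'HanGamePluginCn18.HanGamePluginCn18.1' }
)
# 64-bit Windows keeps a second registry view used by 32-bit Internet Explorer.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Resolve-Clsid($Target) {
    if ($Target.Clsid) { return $Target.Clsid }
    # A ProgID maps to its CLSID through the default value of HKCR\<ProgID>\CLSID.
    $key = "Registry::HKEY_CLASSES_ROOT\$($Target.ProgId)\CLSID"
    if (Test-Path $key) { return (Get-Item $key).GetValue('') }
    return $null        # control is not registered on this machine
}

foreach ($t in $Targets) {
    $clsid = Resolve-Clsid $t
    if (-not $clsid) { Write-Output "$($t.Name): not registered, nothing to block"; continue }
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        $key   = Join-Path $root $clsid
        $flags = 0
        if (Test-Path $key) {
            $v = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($null -ne $v) { $flags = [int]$v }
        }
        $set = ($flags -band $KillBit) -ne 0
        Write-Output ("{0} {1} under {2}: flags=0x{3:X}, kill bit set={4}" -f $t.Name, $clsid, $root, $flags, $set)
        if ($Apply -and -not $set) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # Preserve any other compatibility flags; only add the kill bit.
            Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Type DWord -Value ($flags -bor $KillBit)
        }
    }
}
```

With the kill bit in place Internet Explorer refuses to load the control at all, so Flash content stops working in IE until the vendor update is installed and the flag is removed again.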