Symptoms
There are no obvious symptoms until the malware manages to infiltrate the system.
Removal instructions:
Keep the software installed on your computer up to date.
You can disable the ActiveX control related to this vulnerability by setting the kill bit for the following CLSID:
{BD96C556-65A3-11D0-983A-00C04FC29E36}
More information about setting a killbit can be found here.
Please let BitDefender delete the infected files.
Analyzed By
Dana Stanut, virus researcher
Technical Description:
This JavaScript file is another exploit for a vulnerability in the Microsoft Data Access Components (MDAC) function. Its purpose is to insert a link to a JavaScript file and a number of iframes into previously clean HTML files. A few examples of the iframes are given below:
iframe width=0 height=0 src=hxxp://21[removed].cn/Xunlei.htm
iframe width=0 height=0 src=hxxp://21[removed].cn/StormII.htm
iframe width=0 height=0 src=hxxp://21[removed].cn/Yahoo.htm
These iframes lead to other exploits, but the links were no longer active when this description was written.
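To find HTML files that have had this kind of frame inserted, the following added example (not BitDefender's code) parses a page and reports iframes whose width and height are both zero, flagging those that point at another host. The sample page, the `site_host` parameter and the `example.invalid` hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not taken from a real infection); line 4 mimics
# the zero-size iframe pattern quoted in the description above.
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="/widgets/map.html" width="400" height="300"></iframe>
<IFRAME width=0 height=0 src=http://injected.example.invalid/a.htm></IFRAME>
<iframe width="0px" height="0" src="/local-tracker.html"></iframe>
</body></html>
"""

def _is_zero(value):
    """True for dimensions such as 0, "0", "0px" or "0%"."""
    try:
        return float((value or "").strip().lower().rstrip("px%")) == 0
    except ValueError:
        return False

class HiddenIframeFinder(HTMLParser):
    """Collects iframes whose width and height are both zero."""
    def __init__(self, site_host=None):
        super().__init__()
        self.site_host = site_host  # assumption: the site's own hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag != "iframe":
            return
        a = dict(attrs)
        if not (_is_zero(a.get("width")) and _is_zero(a.get("height"))):
            return
        src = a.get("src") or ""
        host = urlparse(src).hostname
        self.findings.append({
            "line": self.getpos()[0],
            "src": src,
            # A hidden frame pointing at another host is the strongest signal.
            "external": host is not None and host != self.site_host,
        })

def scan_html(text, site_host=None):
    finder = HiddenIframeFinder(site_host)
    finder.feed(text)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for hit in scan_html(SAMPLE, site_host="www.example.invalid"):
        print(hit)
```

Hidden frames that load from the site itself are reported with `external` set to `False`, since some legitimate pages use them; those need a manual look rather than automatic removal.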
More details about the exploited vulnerability can be found here: MS06-014