My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Exploit.HTML.IframeBof.BN

VERY HIGH
MEDIUM
approx 2550 bytes

Symptoms

Presence of a file named m00.exe.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Mihai Razvan Benchea, virus researcher

Technical Description:

The script exploits a vulnerability discovered on Internet Explorer 5.0 (blnmgr.dll). When executed, the script adds the following clsid: "083863f1-70de-11d0-b4d0-00a0c911ce86". The shellcode of the exploit is then executed on the remote host. It first tries to resolve its imports and after that tries to download and execute a file from the address: http://freedom.tih[hidden]. After the files is executed, the browser is being closed. The files is saved with the name m00.exe