Exploit.HTML.IframeBof.BN
VERY HIGH
MEDIUM
approx 2550 bytes
()
Symptoms
Presence of a file named m00.exe.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Mihai Razvan Benchea, virus researcher
Technical Description:
The script exploits a vulnerability discovered on Internet Explorer 5.0 (blnmgr.dll). When executed, the script adds the following clsid: "083863f1-70de-11d0-b4d0-00a0c911ce86". The shellcode of the exploit is then executed on the remote host. It first tries to resolve its imports and after that tries to download and execute a file from the address: http://freedom.tih[hidden]. After the files is executed, the browser is being closed. The files is saved with the name m00.exe
SHARE
THIS ON