JS_DLOADER.BD
Overview

Malware type: JavaScript

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_DLOADER.BD Behavior Diagram

Malware Overview

Trend Micro has flagged this JavaScript as noteworthy because of its increased potential for damage, propagation, or both.

It may be downloaded from certain remote sites. A user may also download it unknowingly when visiting malicious Web sites.

It exploits a zero-day vulnerability in the Microsoft Video streaming ActiveX control known as the Microsoft DirectShow MPEG2TuneRequest Stack Overflow. Once a system is exploited, it downloads and executes a worm that Trend Micro already detects as WORM_KILLAV.AI. As a result, the malicious routines of the downloaded worm are also exhibited on the affected system.

For additional information about this threat, see: Solution, Technical Details

Description created: Jul. 6, 2009 11:06:50 AM GMT -0800
