|
Description:
This is Trend Micro's generic detection for JavaScript malware that take advantage of a known security vulnerability on unpatched Internet Explorer browsers.
The vulnerability allows Java applets to run any desired ActiveX control from a Web page, or from within an HTML-based email message, that would enable it to read, write, and run files from accessible drives. This vulnerability also allows applets to download a file from a specified Web site and execute this file locally.
JavaScript malware containing this vulnerability are often embedded in HTML sites and are usually used to modify the default Internet Explorer home page and to add web links to the Favorites folder. Other malware samples modify the default stationery for Outlook Express, while some are found to have mailing capabilities.
More information on this vulnerability is available at the Microsoft Security Bulletin article, Patch Available for 'Microsoft VM ActiveX Component' Vulnerability.
For additional information about this threat, see:
Solution
Technical Details
Description created: Nov. 22, 2001 7:47:38 PM GMT -0800
Description updated: Dec. 18, 2001 5:04:42 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
