Malware type: Trojan

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This is a Trend Micro detection for a specially crafted HTML file that uses shellcode heap spray techniques to exploit multiple vulnerabilities. The said technique allows this Trojan to execute commands repeatedly that eventually causes a buffer overflow on the software it targets. This technique also allows the Trojan to write sequence of values on the affected software.

It may be hosted on a Web site and run when a user accesses the said Web site.

It initally attempts to exploit the following vulnerabilities:

• Vulnerability in Windows Explorer Could Allow Remote Execution

It exploits this vulnerability in an attempt to connect to a certain website.

This Trojan then simultaneously exploits the following vulnerabilities in an attempt to download a file from a certain site:

• Buffer overflow in Apple QuickTime 7.1.3
• Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control
• Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution

Finally, it checks for the version of Internet Explorer (IE) installed on the affected system. If the IE version is 7, it then exploits the following vulnerabilities to possibly download other malicious files:

• Microsoft Internet Explorer 7 Memory Corruption Exploit

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 3, 2009 3:46:06 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.