EXPL_NEVAR.B
Overview

Malware type: Exploit

Aliases: Exploit.Win32.IMG-WMF.ck (Kaspersky), Exploit-CVE2008-1087 (McAfee), Trojan.Emifie (Symantec), EXP/IMG-WMF.CK (Avira), TrojanDownloader:Win32/Poisonvy!JPG (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

EXPL_NEVAR.B Behavior Diagram

Malware Overview

This exploit may be dropped by other malware. It may arrive bundled with malware packages as a malware component.

It takes advantage of a GDI vulnerability in Microsoft Windows. More information on this vulnerability can be found on the following page:

Once exploited, the vulnerability allows a remote user or a malware program to download files onto the affected machine. As a result, the affected system becomes compromised.

It also attempts to connect to a certain URL to download a file detected by Trend Micro as BKDR_POISONIV.QI. As a result, the malicious routines of the downloaded file may then be exhibited on the affected system.


Description created: Apr. 11, 2008 1:46:07 AM GMT -0800
