JS_DLOAD.MD
Overview

Malware type: JavaScript

Aliases: Exploit.JS.Agent.yq (Kaspersky), Exploit-XMLhttp.d.gen (McAfee), Bloodhound.Exploit.219 (Symantec), JS/Bofra.A.1 (Avira), Exploit:JS/Mult.AI (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 2000 (SP4), XP, Server 2003, Vista, Server 2008

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: Medium

Distribution potential: Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_DLOAD.MD Behavior Diagram

Malware Overview

This malicious JavaScript may be hosted on a Web site and runs when a user accesses that site.

It takes advantage of a vulnerability in several versions of Internet Explorer.

More information on this vulnerability can be found at the following link:

Once it successfully exploits the vulnerability, it accesses various URLs to download malicious files, including RTKT_BUREY.C. As a result, the affected system may exhibit the malicious routines of the downloaded files.

For additional information about this threat, see:
Solution
Technical Details

Description created: Dec. 10, 2008 12:05:43 AM GMT -0800
