Malware type: JavaScript

Aliases: Trojan-Downloader.JS.Agent.bxv (Kaspersky), HEUR/Exploit.HTML (Avira),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This malicious JavaScript (JS) may be downloaded from a certain remote site.

It uses vulnerabilities in the following software to insert IFRAME tags to Web sites:

• Microsoft Data Access Components (MDAC)
• MPS StormPlayer
• Realplayer
• GLWorld
• BaoFeng2 Storm
• Xunlei Thunder DapPlayer

More information on the vulnerabilities exploited by this malicious JavaScript can be found in the following Web pages:

• Microsoft Security Bulletin MS06-014
• CVE-2007-4943
• RealPlayer ActiveX Overflow vulnerability
• CVE-2007-0647
• CVE-2007-4816
• CVE-2007-5064

The inserted tag points to several URLs, which host other malicious scripts detected by Trend Micro as the following:

• JS_DLOADER.UOW
• JS_REALPLAY.AT
• JS_DLOADER.AP
• JS_DLOADER.GXS
• VBS_PSYME.CSZ
• JS_VEEMYFULL.AA
• JS_REALPLAY.CE
• JS_LIANZONG.E
• JS_SENGLOT.D

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 17, 2008 5:43:41 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.