|
Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This malicious JavaScript can arrive via the Internet when an unsuspecting user visits the malicious Web page that hosts it. It can also arrive as a file dropped or downloaded by another malware.
It exploits a new vulnerability in Internet Explorer (IE) that allows it connects to the URL {BLOCKED}rvhgwuzc.biz/dl/oaderadv499.exe to download a malicious file detected by Trend Micro as TROJ_AGENT.FGD. The routines of the downloaded Trojan are then exhibited onto the affected system.
The said vulnerability targets IE’s WebViewFolderIcon ActiveX control. More information can be found in this link.
Note that this detection is a zero-day exploit because it attacks a software vulnerability for which the vendor has not released a patch. This may pose as a dangerous situation in which a lot of computers may be affected due to the availability of the exploit code, and the fact that there is no available patch for the vulnerability.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 30, 2006 12:29:49 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
