|
Description:
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Behavior Diagram shown below.
Malware Overview
This proof-of-concept (PoC) Perl script arrives as a Microsoft Excel (.XLS) file that may also be downloaded or dropped by another malware.
It takes advantage of a zero-day exploit in Microsoft Excel. Zero-day exploits are termed as such because the unpatched vulnerability and its corresponding exploit code are released within the same day. This may pose as a dangerous situation in which a lot of computers may be affected due to the availability of exploit code, and the fact that the vendor has not been given enough time to patch it.
It is a crafted .XLS file, which contains a long URL string. If the URL string is greater than the given buffer size, it causes a buffer overflow. Once the user clicks on the URL, it exploits the Microsoft HLINK.DLL Link Memory Corruption vulnerability. This prevents Excel files from functioning normally. Details of the said vulnerability is found in this Web page:
The mentioned exploit affects Microsoft Excel 2002 and 2003.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jun. 21, 2006 3:08:49 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
