Exploit-BadBlue

This page shows the details and results of our analysis of the malware Exploit-BadBlue.

Overview


Minimum DAT: 4257 (2003-04-09)
Updated DAT: 4264 (2003-05-14)
Minimum Engine: 5.1.00
File Length: various
Description Added: 2003-04-02
Description Modified: 2003-04-03

Malware Proliferation

Characteristics

Exploit-BadBlue is a simple Perl script that exploits a known vulnerability in the BadBlue 1.5 web server.
The vulnerability is a traversal bug that allows the trojan to retrieve any file from the victim system, including the password file or other confidential data.

Symptoms

N.A.

Method of Infection

This trojan exploits a vulnerability in a remote BadBlue 1.5 Web Server.

Removal

All Users:
Use the specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants