Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
|
Minimum DAT
4367 (2004-06-16) Updated DAT4544 (2005-07-27) |
Minimum Engine
5.1.00 File Lengthvaries |
Description Added
2004-06-15 Description Modified2004-06-15 |
Malware Proliferation
Characteristics
This detection covers HTML documents (such as web pages and HTML formatted email messages) that contain malicious JavaScript, which exploit an Internet Explorer vulnerability resulting in Internet Explorer displaying one location in the Address bar, but actually loading the content from a different site. Such URL spoofing can result in attackers creating forged versions of legitimate sites in order to steal account information, personal information, etc.
Symptoms
There are no obvious symptoms of this exploit. Files detected as JS/Stealus are benign themselves. No system changes or damage occurs from accessing an JS/Stealus file. However, following an exploited hyperlink within a detected file can result in users being tricked to divulge personal information, install malicious software, etc.
Method of Infection
Email spam is the most likely delivery method of such malicious html pages, to lure users into updating account information.
Removal
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Variants