Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
|
Minimum DAT
4722 (2006-03-20) Updated DAT4723 (2006-03-21) |
Minimum Engine
5.1.00 File LengthVaries |
Description Added
2006-03-16 Description Modified2006-03-16 |
Malware Proliferation
Characteristics
Initial detection is limited to email/gateway scanning products.
This detection covers malicious HTML files/messages that attempt to exploit a 0-day, buffer overflow vulnerability in the MSIE script action handler. Proof of concept code was posted to the web recently that results in a denial of service attack (crash) against Microsoft Internet Explorer browsers.
Symptoms
Method of Infection
This detection covers files attempting to exploit a vulnerability. Detection targets the exploit code itself, rather than any specific payload. Therefore, details about one payload are not available. It is believed that remote code execution is possible.
Removal
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Variants