Exploit-CVE2006-3730

This page shows details and results of our analysis on the malware Exploit-CVE2006-3730

Overview

This detection covers an exploit that could be used to install other trojans, viruses, and potentially unwanted programs (adware, spyware, etc).  This method of exploitation is often referred to as a "drive-by install" or "drive-by download", meaning that merely visiting a site hosting the malicious code causes a vulnerable system to download and run files, without any further action by the user.


Minimum DAT

4862 (2006-09-28)

Updated DAT

5336 (2008-07-10)

Minimum Engine

5.1.00

File Length

Varies

Description Added

2006-09-27

Description Modified

2006-10-01

Malware Proliferation

Characteristics

This detection covers an exploit of the WebViewFolderIcon ActiveX control (CVE-2006-3730, addressed by Microsoft bulletin MS06-057) that can result in the execution of arbitrary code.  The flaw is an integer overflow in the control's setSlice() method: attacker-supplied script instantiates the control in the browser and calls setSlice() with an oversized argument.  The exploit targets multiple versions of Microsoft Internet Explorer.

As this threat is delivered as script (the exploit is JavaScript that drives the ActiveX control from a web page), VirusScan's ScriptScan component, or a gateway scanner, is required for the DAT files to offer protection from this threat.  Identification is also available via other DAT-consuming scanners.  Scanners may identify malicious files as either Exploit-CVE2006-3730 or JS/Exploit-BO.gen.

For more details on the vulnerability that is exploited by this threat, see:
http://vil.nai.com/vil/Content/v_vul26600.htm

Symptoms

Internet Explorer will likely crash during exploitation, whether or not the attacker's code runs successfully.  Any number of subsequent actions may be taken by the malware that a successful exploit installs.

Method of Infection

Users may be lured (such as through spam or spim, its instant-messaging equivalent) to visit a malicious site.  Upon loading the web page, a vulnerable web browser will execute the payload with no further interaction.

This detection is sufficiently generic that it can cover an unbounded number of threats containing the exploit code.  Therefore, it is not possible to describe specific symptoms or system changes that result from this threat.  Note also that seeing this detection does not by itself mean that any exploit code ran: the detection fires on the presence of the exploit code in a file or page, and that code can only execute on a vulnerable (unpatched) system.
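The following is an added example, written for this page and not McAfee's DAT or ScriptScan logic, showing the kind of static signature that the Characteristics and Method of Infection sections describe: it looks for the WebViewFolderIcon control being instantiated, a setSlice() call with a first argument near INT_MAX, and a %u-encoded heap spray, and reports a hit as "file contains the exploit pattern" rather than "exploit ran".  The CLSID is the one MS06-057 kill-bits (verify it against the bulletin); the numeric threshold and the mapping of indicator combinations onto the two detection names are this example's own assumptions.

```python
"""Static triage of an HTML/JS file for the WebViewFolderIcon setSlice()
exploit pattern (CVE-2006-3730).  Example written for this page; it is not
McAfee's DAT or ScriptScan logic, and the thresholds are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional

# CLSID of the WebViewFolderIcon control, the control MS06-057 kill-bits.
# Verify against the Microsoft bulletin before relying on it.
WEBVIEWFOLDERICON_CLSID = "844F4806-E8A3-11D2-9652-00C04FC30871"

CLSID_RE = re.compile(r"clsid\s*:\s*\{?\s*" + re.escape(WEBVIEWFOLDERICON_CLSID), re.I)
PROGID_RE = re.compile(r"WebViewFolderIcon\.WebViewFolderIcon", re.I)
# .setSlice( <numeric literal> ... : hex or decimal first argument only
SETSLICE_RE = re.compile(r"\.setSlice\s*\(\s*(0x[0-9a-f]+|\d+)", re.I)
# unescape("%u0c0c%u0c0c...") runs: the usual heap-spray building block
SPRAY_RE = re.compile(r"unescape\s*\(\s*['\"](?:%u[0-9a-f]{4}){2,}", re.I)

# Assumption: a first argument near INT_MAX is what triggers the integer
# overflow; public proof-of-concept code used values around 0x7fffffff.
LARGE_ARG = 0x7FFFFFF0


@dataclass
class Verdict:
    name: Optional[str]      # detection name, or None if nothing matched
    indicators: List[str]    # which individual heuristics fired


def _to_int(literal: str) -> int:
    return int(literal, 16) if literal.lower().startswith("0x") else int(literal, 10)


def scan_html(text: str) -> Verdict:
    """Return a Verdict for one page.  A hit means the page *contains* the
    exploit pattern; whether it ever executed depends on the client."""
    indicators: List[str] = []
    if CLSID_RE.search(text) or PROGID_RE.search(text):
        indicators.append("webviewfoldericon-object")
    first_args = [_to_int(m.group(1)) for m in SETSLICE_RE.finditer(text)]
    if any(a >= LARGE_ARG for a in first_args):
        indicators.append("setslice-large-arg")
    if SPRAY_RE.search(text):
        indicators.append("heap-spray")

    # Naming rule is this example's own: the specific name needs the control
    # *and* the overflowing call; spray plus overflowing call without the
    # control is reported under the generic name, as the page's two names suggest.
    if "webviewfoldericon-object" in indicators and "setslice-large-arg" in indicators:
        return Verdict("Exploit-CVE2006-3730", indicators)
    if "setslice-large-arg" in indicators and "heap-spray" in indicators:
        return Verdict("JS/Exploit-BO.gen", indicators)
    return Verdict(None, indicators)


# Constructed samples for the example; not captured from the wild.
MALICIOUS_SAMPLE = """
<html><body>
<object id="target" classid="CLSID:844F4806-E8A3-11d2-9652-00C04FC30871"></object>
<script>
var spray = unescape("%u0c0c%u0c0c");
target.setSlice(0x7ffffffe, 0x0c0c0c0c, 0x0c0c0c0c, 0x0c0c0c0c);
</script></body></html>
"""

BENIGN_SAMPLE = """
<html><body>
<object classid="CLSID:844F4806-E8A3-11d2-9652-00C04FC30871"></object>
<script>document.title = "folder view";</script>
</body></html>
"""

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        v = scan_html(sample)
        print(f"{label}: {v.name} {v.indicators}")
```

A static matcher like this is only as good as the literal text it sees: a page that assembles the CLSID or the setSlice call from concatenated strings, or decodes its script at runtime, slips past every regex above.  That is why the page says a script-engine hook such as ScriptScan, or a gateway scanner that sees the decoded content, is needed rather than plain file scanning.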

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.  Because the detection only identifies files carrying the exploit code, also ensure the underlying vulnerability is closed by applying Microsoft bulletin MS06-057 (which sets the kill bit for the WebViewFolderIcon control), so that a missed or obfuscated copy of the exploit cannot run.

Variants