JS/Generic Exploit.j

This page shows details and results of our analysis on the malware JS/Generic Exploit.j

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Minimum DAT

5488 (2009-01-07)

Updated DAT

5867 (2010-01-20)

Minimum Engine

5400.1158

File Length

Description Added

2009-01-07

Description Modified

2009-03-20

Malware Proliferation

Characteristics

At the time of writing, the following list of Internet Explorer vulnerabilities are being targeted by the detected JS/Generic Exploit.j webpage:

  • Pointer Reference Memory Corruption Vulnerability - CVE-2008-4844 
  • Microsoft Access Snapshot Viewer ActiveX Control Vulnerability - CVE-2008-2463

We have seen cases in which When successfully penetrated, the W32/Virut.n.gen virus is installed on the victim's machine.

Symptoms

Upon execution, the trojan attempts to download files from a variety of website. We have recently come across some variants trying to download files from www.zief.pl

Method of Infection

This trojan can get installed while browsing compromised websites where it has been hosted.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants