BitDefender Antivirus
My BitDefender | My Shopping Cart Cart
Go

Trojan.Exploit.JS.O

Spreading: high
Damage: high
Size: varies
Discovered: 2008 Oct 11

SYMPTOMS:

The exploitation does not show any signs until the attacker infiltrates the system.

TECHNICAL DESCRIPTION:

The malware is a script written in Javascript. It is a part of known redirection and infection chains described in Trojan.Exploit.SSX (or later Trojan.Exploit.ANNZ ).


It is basically the same technique, but malware evolves and so a new features/exploits has been added:
  1. CVE-2008-0647 which uses buffer overflow in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29.
  2. A vulnerability for Adobe Flash player - CVE-2007-0071 which uses the d27cdb6e-ae6d-11cf-96b8-444553540000 CLSID.

Removal instructions:

Update the products you are using. Set the kill bit to zero to the affected Activex controls until the update .

Please let BitDefender disinfect your files.

ANALYZED BY:

Daniel Chipiristeanu, virus researcher
Quick Links » New Game Safe » Renew License » Free Customer Support » Free Online Scanner » Press Center
©   2009 BITDEFENDER SiteMap | Legal Terms | Site Feedback | Contact Us | Global Sites | Privacy Policy | Forum