Exploit.HTML.Ascii.ab


This malicious program exploits a vulnerability which enables a remote malicious user to modify the appearance of pages displayed in Internet Explorer and to evade content filtering due to incorrect interpretation of 8-bit ASCII symbols.

This script may download other malicious files without the user's knowledge by exploiting a buffer overflow vulnerability that is triggered when the ConnectAndEnterRoom method for GlobalLink is called. Files are downloaded from the link below:

http://pic*****vg/S368/S3682.exe

At the time of writing, the file at this link was 1436 bytes in size and was detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Tiny.eo.

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original exploit file (the location will depend on how the program originally penetrated the victim machine).
  2. Delete all files from %Temporary Internet Files%.
  3. Install Internet Explorer updates.
  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page, 4354 bytes in size, and is not packed in any way.
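As an added example (not part of the original entry), a filter-side check for the 8-bit ASCII issue described above: it scans the page bytes both as received and with bit 7 cleared, which is how the affected browser reads them, and reports markup that appears only in the second view. The tag list, the function names and the sample page are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Markup a content filter typically looks for (illustrative list, an assumption).
SUSPICIOUS = re.compile(rb"<\s*(script|iframe|object|embed|applet)\b", re.I)


def strip_high_bit(data: bytes) -> bytes:
    """Clear bit 7 of every byte, mirroring how the affected parser reads them."""
    return bytes(b & 0x7F for b in data)


def _tags(data: bytes) -> Counter:
    """Count suspicious opening tags found in a byte string."""
    return Counter(m.group(1).lower().decode() for m in SUSPICIOUS.finditer(data))


def scan_html(data: bytes) -> dict:
    """Compare the page as received with the page after high-bit folding.

    High bytes alone are not a signal: UTF-8 and legacy 8-bit pages contain
    them legitimately. The signal is markup that exists only after folding.
    """
    high = sum(1 for b in data if b >= 0x80)
    hidden = _tags(strip_high_bit(data)) - _tags(data)  # keeps positive counts only
    return {
        "high_bit_bytes": high,
        "hidden_tags": dict(hidden),
        "evasion_suspected": bool(hidden),
    }


def constructed_sample() -> bytes:
    """Constructed test page: one harmless tag with bit 7 set on every byte."""
    hidden = bytes(b | 0x80 for b in b"<script>document.title='x'</script>")
    return b"<html><body>" + hidden + b"</body></html>"


if __name__ == "__main__":
    print(scan_html(constructed_sample()))
    # A clean UTF-8 page with a visible script tag and one accented character.
    print(scan_html(b"<html><body><script>1</script>caf\xc3\xa9</body></html>"))
```

A scanner that runs its existing signatures over the output of `strip_high_bit` as well as over the raw bytes sees the same markup the browser would.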

Payload
