Exploit.HTML.Ascii.j
| Alert Level : | Low |
| Discovered: | Jan 10 2008 |
| Tag: | HackerTools Exploits |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page. It is 1046 bytes in size. It is not packed in any way.
Payload
This malicious program exploits a vulnerability which enables a remote malicious user to modify the appearance of pages displayed in Internet Explorer and to evade content filtering due to incorrect interpretation of 8-bit ASCII symbols.
The script uses a vulnerability (MS06-014) in MDAC (Microsoft Data Access Components) when using the ADODB.Stream object to download a file from the following link:
http://www.*****media.com/a.exeThis file will be saved to the current user's Windows temporary directory (%Temp%) as "gfdg45.com". The downloaded file is then launched for execution.
At the moment of writing, the link was not working.
Removal Exploit.HTML.Ascii.j instructions:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original exploit file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following file: %Temp%\ gfdgj45.com
- Install Internet Explorer updates.
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
Need help? Live computer support via remote at SupportSpace |
