Subscribe
This malicious program exploits a vulnerability which enables a remote malicious user to modify the appearance of pages displayed in Internet Explorer and to evade content filtering due to incorrect interpretation of 8-bit ASCII symbols.
The script can download other files without the knowledge of the user by using the Baidu Soba Remote Code Execute Vulnerability (FGA-2007-10). This vulnerability enables a remote malicious user to download and launch files by calling DloadDS for Baidu Soba. Files are downloaded from the link below:
http://www1.*****oy.com/S368/calc.cabS3682.exeAt the time of writing, this link was not working.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original exploit file (the location will depend on how the program originally penetrated the victim machine).
- Delete all files from %Temporary Internet Files%.
- Install Internet Explorer updates.
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page. It is 677 bytes in size. It is not packed in any way.
Payload
Hot Articles