|
Exploit.HTML.ObjDat Viruses Information
| Name: |
Exploit.HTML.ObjDat |
| Category: |
Viruses |
| Description:
|
Details
Exploit.HTML.ObjData
ObjData is an exploit often seen in spam mailings.
ObjData attempts to use the Object Type Vulnerability and Two vulnerabilities that could allow an attacker to cause arbitrary code to run on the user's system in MS Windows described in the following Security Bulletins:
Microsoft Security Bulletin MS03-032
Microsoft Security Bulletin MS03-040
These vulnerabilities are critical since they allow for the execution of random malicious code when users visit specially constructed HTML pages.
A sample of code from the end of the file:
fatbonuscasino
.com/page.php">
Decryption of above:
http://www.fatbonuscasino.com/page.php
Once users connect to this site a chain of Trojans hits:
Trojandropper.VBS.Zerolin which extracts TrojanDropper.Win32.Small.ei from itself and executes it.
Small.ei in turn extracts two more Trojans from itself: TrojanNotifier.Win32.Small.d and TrojanProxy.Win32.Daemonize.j. |
Top Viruses Visited Pages:
Invader. - 234 visits
not-a-virus:RiskWare.Tool.RegPatch. - 71 visits
Worm.P2P.Harex. - 65 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 59 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 47 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
SRX.230
Xtac.156
PingPong.
Win95.Fono.1532
Disillu.110
Burger.560.
Worm.Win32.Slacko
Nautilus famil
Vandal.189
Border.78
|
