Re: Javascript exploit



From: "Ant" <not@xxxxxxxxxx>


|
| That's a randomly generated number. The two pages are identical, and
| there's a variety of exploits targetting all versions of Windows from
| 95 to 2k3, involving adodb.stream, setSlice and a Java applet.
|
| The file may end up as Uninstall.exe, Uninstall0.exe, NTDETECT.EXE or
| [6 random digits].exe, and is downloaded from here:
|
| h__p://66.199.235.67/bin/win.exe
|
| The Java package "jvm.jar" is at the original URL.
|

More Trojan explots are there.

Interrestly, uses new variant of the ByteVerify Trojan exploit found in the Java Jar....

Complete scanning result of "Baaaaa.class", processed in VirusTotal at 11/06/2006 02:42:19
(CET).

[ file data ]
* name: Baaaaa.class
* size: 2398
* md5.: 912f17353dba83c5f8e616383c5da7c9
* sha1: a88ff3df09f8c89d86d9d91359754cb80aadd730

[ scan result ]
AntiVir 7.2.0.37/20061105 found [Java/Exploit.By.A.1]
Authentium 4.93.8/20061105 found nothing
Avast 4.7.892.0/20061103 found nothing
AVG 386/20061104 found nothing
BitDefender 7.2/20061105 found nothing
CAT-QuickHeal 8.00/20061104 found nothing
ClamAV devel-20060426/20061105 found nothing
DrWeb 4.33/20061105 found nothing
eTrust-InoculateIT 23.73.45/20061103 found nothing
eTrust-Vet 30.3.3176/20061103 found nothing
Ewido 4.0/20061105 found nothing
F-Prot 3.16f/20061104 found nothing
F-Prot4 4.2.1.29/20061104 found nothing
Fortinet 2.82.0.0/20061105 found nothing
Ikarus 0.2.65.0/20061105 found nothing
Kaspersky 4.0.2.24/20061106 found nothing
McAfee 4888/20061103 found nothing
Microsoft 1.1609 /20061104 found nothing
NOD32v2 1.1853/20061103 found nothing
Norman 5.80.02/20061103 found nothing
Panda 9.0.0.4/20061106 found nothing
Sophos 4.10.0/20061026 found nothing
TheHacker 6.0.1.112/20061103 found nothing
UNA 1.83/20061103 found nothing
VBA32 3.11.1/20061105 found nothing
VirusBuster 4.3.15:9/20061105 found nothing


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.