|  | 
 
 发表于 2004-12-15 15:22:18
|
显示全部楼层 
| ViRUS NAME :JS_BAIDU.A , b/ I; _0 i) g- F. C1 r) l: R7 _" ^7 |' a* g0 \
 
 7 m8 K5 \6 I0 F$ I+ f" IQUICK LINKS Solution | Understanding New Pattern Format
 1 }, b7 ^8 J3 ~- o$ {, Y4 C5 p$ W1 v4 |! c/ \3 E
 --------------------------------------------------------------------------------
 7 g% M# _0 X# w4 F% d 3 L& K/ C( p/ {" H1 ^! v( Q
 Virus type: JavaScript ; b0 C* u/ b3 D4 E7 C2 P
 
 , U4 t7 Q- U* y5 m( i( UDestructive: No
 0 y1 X1 Y1 R2 l 2 ?7 ^# o; c5 @
 Pattern file needed: 2.292.08 7 I5 j; i2 V3 ~; Z
 
 9 Y! P, s' L; w% ^  e: y; FScan engine needed: 6.810 , i9 i/ J: Z2 T! W- l/ P
 
 . }3 y0 j  j! _ Overall risk rating:  Very Low
 ) F. g: N; F  K, I+ W1 M  X1 T! n( Y* S( H" p/ J5 Z4 Y* f8 a  ]# f0 q* y2 J
 --------------------------------------------------------------------------------; d1 C3 i4 U) Z4 y
 % Z9 r$ K  T1 ~1 k2 b) b
 Reported infections:  Low  * A1 o  R" V+ O/ O% K; d
 
 $ t# _! [5 R% `, A$ L& ~Damage Potential:  Low  & O( t6 M% v! P" B
 9 D: f) S) _) y( R0 J9 \
 Distribution Potential:  Low  / n  Q7 I) \0 e/ H" C/ k# e) s
 0 ^0 \) s$ b+ d2 m% t% d  k9 N
 
 1 B3 N' b% m$ O7 S% v8 Z$ Q* W- f( p5 F0 v2 m. w
 --------------------------------------------------------------------------------4 W& F% B- \# {1 |( A! p% g7 [
 
 - V- h( D5 y: n: K/ |Description:
 8 y; G* i$ j% s* b) r6 [- X1 W7 L2 x- E- K" z
 9 w) _3 k$ @# a! Q( `  f- M- V
 
 ( @" B" d2 H: W7 H6 z, n' [6 GThis malicious JS script may reside in an HTML file or in a malicious Web site.
 - S, ?6 y& Q6 N( n6 _6 b0 I
 8 V3 W/ ]5 g0 l' M' X( fUpon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab. 1 n" {8 F1 w3 j! G
 1 H$ p" Q- A' N: F, \
 It exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files.
 1 ]6 k- z% C) y! _) |/ R# ]+ i4 @2 n
 6 o8 a- u* ]; D  e$ P& ?It runs on Windows 95, 98, ME, NT, 2000, and XP.
 | 
 |