|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A
& ]7 u5 Q% J9 N' }
8 I5 ~2 w7 g( [+ j6 s* s- ]6 A" S r" g
QUICK LINKS Solution | Understanding New Pattern Format 6 }' k0 |2 G' ?8 o8 X# M5 C! m
! T( o* }, f6 }5 F7 g--------------------------------------------------------------------------------: ]; U$ J3 y8 f; _, |# O+ J
( p; I& h* I F$ @8 _: p0 `# fVirus type: JavaScript % ?% C! e# y& r* C1 ]+ F& I
6 [: I5 q1 ~( s
Destructive: No
* I' ?9 c9 k1 C9 T4 g ' C7 C& r6 P3 ^& p/ b
Pattern file needed: 2.292.08
# }0 w7 g6 b5 J. T
. f+ C. @' l2 f6 vScan engine needed: 6.810 3 O* z6 ]1 i8 r. d5 ]
, D0 \" g. d3 {& b% U5 S& }8 i
Overall risk rating: Very Low 5 Y! V6 Q# m" P. r3 Q5 W
# R! {* f( O& E2 P- ]5 m" o9 _--------------------------------------------------------------------------------
! |+ W5 ^! J+ f7 t , `9 n. ]. F6 b- F
Reported infections: Low
. O0 N% C& j/ X% j% U5 q+ X & D/ r% M2 o, g) j1 H q/ M
Damage Potential: Low
$ F& n. v( f3 Q7 S
3 Q& R. R" V5 `" T0 W dDistribution Potential: Low " W' ^: }7 f; J: I5 W6 n0 J( n
1 h9 W! N1 T }: B. h
3 s2 V4 f2 W' }( N$ T
. L0 ]0 t# `! Y) Z8 v+ b0 v
--------------------------------------------------------------------------------* c5 w5 Y) s. a" T; ?6 Y# L z
4 B9 \" y0 N! Z C+ a
Description:" J* ` U- h! |7 O
, O0 ^( J0 S3 f+ N2 p7 j
4 L, Q1 f3 q! V# G: W, j
7 ?2 F6 }9 f# p gThis malicious JS script may reside in an HTML file or in a malicious Web site. % y! Y+ `3 ~( |& ?8 B) H
5 P8 @- F8 N1 y) ]Upon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab.
& z8 Q5 F9 G9 b, d3 o& a. m* v6 {* I& ], N! t
It exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files.
* M! ]& J+ z' O
. G9 y" f# a" d$ B( k2 @4 VIt runs on Windows 95, 98, ME, NT, 2000, and XP. |
|
楼主