|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A
3 S" Z1 q- ^$ y p1 y" ?6 j7 b
) h. g8 B R( }4 d/ k0 @6 w0 ]4 \+ N7 ^' w$ V2 i" w8 v
QUICK LINKS Solution | Understanding New Pattern Format
/ q2 ?" X2 `- ~; v) L9 H z2 X/ m S4 B. M! U
--------------------------------------------------------------------------------
$ u4 W- t' m" P 0 }+ n; V- [1 o: `; a/ }8 C
Virus type: JavaScript
C+ x( `. h& S 2 b8 L4 c! g, O
Destructive: No & m. A6 ] }5 A5 z' H! w: ~
5 s6 m* P; Q9 c: q* g; s0 A8 W1 @ xPattern file needed: 2.292.08 1 ?6 W% D2 S2 S& V$ ?( d
2 e c0 L3 Y- l8 [- w
Scan engine needed: 6.810 8 Z) H7 K7 V( D
2 c, Z# v# k% ?: k( K% Q Overall risk rating: Very Low
8 B6 I; L' p* H t6 a4 N( x" z$ g9 e/ E
--------------------------------------------------------------------------------1 u2 P0 K1 y% N% G" W2 i( V
" c. a8 w; m! q% s* J/ uReported infections: Low - y7 Q; j& n) T' I
# ]) h2 }7 X3 V8 g9 \
Damage Potential: Low
( y. R6 O4 ~9 X7 b3 ?# E
0 g6 @' a7 v5 q1 A) qDistribution Potential: Low
! u& o G5 Z6 k# }$ z: I" i: v$ \8 ? 4 V0 m; O$ C1 A: f. z
P+ Z2 @5 R- {+ a. g1 L1 {5 @/ @
' g# ]- n8 c; y( z4 v
-------------------------------------------------------------------------------- b9 l x9 ?, M
' n5 G& ?; X* K
Description: U3 _( C; d0 q3 L
7 Z2 Q$ `6 F" i% V. x" r
3 i; B1 o# i8 e; M6 e2 M, S. J, |7 \' |9 o5 y' o
This malicious JS script may reside in an HTML file or in a malicious Web site.
; M5 l% ~. W6 ^5 k- P) I4 u W. \9 K( x( n
Upon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab. 7 y/ c* Y0 N- u: b9 h3 z4 D
) t- T t' l- x& _9 z* l- x( i
It exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files.
5 v/ ]! t7 S7 |1 Z. X" Y3 H( F0 D a0 \ v6 `( |
It runs on Windows 95, 98, ME, NT, 2000, and XP. |
|