|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A
9 F: n4 N( r- k+ x \# m2 i$ b$ F5 S: `3 g! ]
- f" F) K* K7 N; F- ^' F# X
QUICK LINKS Solution | Understanding New Pattern Format
2 y: [+ l8 D# K( n+ H' i! p8 N3 h9 K2 K& X( {8 c" P d# |
--------------------------------------------------------------------------------
) S+ x- h2 x" s# x# M 4 h8 g3 i y8 N& N) h3 V5 y
Virus type: JavaScript
: H; X3 Y1 C/ F0 z; o8 Y- R 0 Z( r) A" {5 f& n, J# _
Destructive: No * A* L6 t) s& @4 F
) P# ]4 g2 \& D4 E" U
Pattern file needed: 2.292.08 ( E* B: e' f |& v7 V
1 v9 U- I8 a8 [. s; z5 @1 ^
Scan engine needed: 6.810
: o* R7 T5 r" j( b1 `
* t. U$ E9 m: `& s m" s Overall risk rating: Very Low
# [1 R6 [7 U. Q% l3 s) m) c8 A! t' p' k- w
--------------------------------------------------------------------------------! F# o' x' G+ Q* X3 t, H) g7 v
4 e. Y$ L# T2 f4 \" r; zReported infections: Low & p8 d6 h% T! T: A' j( n& Y# A
2 _) K3 |* h9 I' R5 q+ MDamage Potential: Low 9 {2 ^' Q' \$ _5 _: x
, G4 Q# B1 ^) G2 w3 ^5 o: o
Distribution Potential: Low , N6 l2 Q5 v. d8 L. l+ N
2 t3 L" I3 H! }( p% Z
6 Z% E4 h) j; K1 Z( f( V) m) a
* P, O/ c" y% C7 [% K--------------------------------------------------------------------------------7 Q- t5 [' f1 {" |" D
0 O8 ]0 \ p* I ]9 T7 B
Description:; \+ K+ m0 s! g- N" d& M
2 \0 B! ^. i0 S; u' m M( b" g9 S* H9 c2 ?' { V) f5 [
$ b4 v! K# W- A5 _. s0 W
This malicious JS script may reside in an HTML file or in a malicious Web site.
! x6 R! u1 k' C6 O6 Q, ^
. |$ @: R1 X! b! wUpon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab.
2 U9 c1 K O4 p ^- R1 B( r% v& h N6 \& X* Z
It exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files.
& y. x1 W. b; _& \" R5 O
- I! H7 g9 x; s7 H TIt runs on Windows 95, 98, ME, NT, 2000, and XP. |
|