|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A
, b/ I; _0 i) g- F. C1 r) l: R7 _" ^7 |' a* g0 \
7 m8 K5 \6 I0 F$ I+ f" IQUICK LINKS Solution | Understanding New Pattern Format
1 }, b7 ^8 J3 ~- o$ {, Y4 C5 p$ W1 v4 |! c/ \3 E
--------------------------------------------------------------------------------
7 g% M# _0 X# w4 F% d 3 L& K/ C( p/ {" H1 ^! v( Q
Virus type: JavaScript ; b0 C* u/ b3 D4 E7 C2 P
, U4 t7 Q- U* y5 m( i( UDestructive: No
0 y1 X1 Y1 R2 l 2 ?7 ^# o; c5 @
Pattern file needed: 2.292.08 7 I5 j; i2 V3 ~; Z
9 Y! P, s' L; w% ^ e: y; FScan engine needed: 6.810 , i9 i/ J: Z2 T! W- l/ P
. }3 y0 j j! _ Overall risk rating: Very Low
) F. g: N; F K, I+ W1 M X1 T! n( Y* S( H" p/ J5 Z4 Y* f8 a ]# f0 q* y2 J
--------------------------------------------------------------------------------; d1 C3 i4 U) Z4 y
% Z9 r$ K T1 ~1 k2 b) b
Reported infections: Low * A1 o R" V+ O/ O% K; d
$ t# _! [5 R% `, A$ L& ~Damage Potential: Low & O( t6 M% v! P" B
9 D: f) S) _) y( R0 J9 \
Distribution Potential: Low / n Q7 I) \0 e/ H" C/ k# e) s
0 ^0 \) s$ b+ d2 m% t% d k9 N
1 B3 N' b% m$ O7 S% v8 Z$ Q* W- f( p5 F0 v2 m. w
--------------------------------------------------------------------------------4 W& F% B- \# {1 |( A! p% g7 [
- V- h( D5 y: n: K/ |Description:
8 y; G* i$ j% s* b) r6 [- X1 W7 L2 x- E- K" z
9 w) _3 k$ @# a! Q( ` f- M- V
( @" B" d2 H: W7 H6 z, n' [6 GThis malicious JS script may reside in an HTML file or in a malicious Web site.
- S, ?6 y& Q6 N( n6 _6 b0 I
8 V3 W/ ]5 g0 l' M' X( fUpon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab. 1 n" {8 F1 w3 j! G
1 H$ p" Q- A' N: F, \
It exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files.
1 ]6 k- z% C) y! _) |/ R# ]+ i4 @2 n
6 o8 a- u* ]; D e$ P& ?It runs on Windows 95, 98, ME, NT, 2000, and XP. |
|
楼主