|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A
2 ~# ]% B) t: }+ o' x
% I$ G/ d9 N, B% C8 w. g# p
- M4 ^# \- w5 m+ Z I1 D) f7 DQUICK LINKS Solution | Understanding New Pattern Format 4 x3 p3 ^% B* g0 Z
& j5 B( {8 H+ G9 v
--------------------------------------------------------------------------------
! k* f9 A& s M, o( ^
) X0 Q: e# v4 W5 D' B, n6 A; }7 pVirus type: JavaScript
7 O* |/ h+ v v0 I5 X9 B
! U( d( t$ N. \- P0 L: }, VDestructive: No ) P' j+ T) W0 x2 F) ?7 O$ T
$ Y5 h& O/ f# N; K* G# \Pattern file needed: 2.292.08
. L4 j9 m2 s2 m* f- h
$ \) S- ]. B5 ]6 sScan engine needed: 6.810
) G3 N+ y- U$ m+ W5 W
1 w9 n5 L( Y, j Overall risk rating: Very Low
, _1 j6 C! ~/ c8 @& |4 b
; W- H9 M6 j7 P/ ]--------------------------------------------------------------------------------% c+ L, R9 F' b0 D# `8 }
4 k& S2 Z3 `$ ]3 D8 O* T
Reported infections: Low + b& ?! ]! X% J1 w1 r
3 t( t/ o6 f- ]1 b) n0 ^
Damage Potential: Low : t! z, ]% J3 _4 q* p3 E
9 W$ ~/ @- I7 k1 A6 ?Distribution Potential: Low
7 g9 k3 K$ {( k3 h# i! d 8 l6 w( X5 h+ a! w% A% U# w
M U! a8 @7 L4 u: A, V
: _" Y5 D! d, m3 G$ O--------------------------------------------------------------------------------
% L' }2 f# E' \2 N( e1 r7 O- A * p& @, T; ]; x; L2 `: N# l( l
Description:
6 A" l' ]. [ e) [: C
' D2 R; l9 g0 }7 d# s3 h& F( R. I& E/ q/ f( q5 ^
& _8 W }3 K. w- kThis malicious JS script may reside in an HTML file or in a malicious Web site. ; q$ B4 C# |$ ?- E
2 v0 F7 \5 l! k, t- F
Upon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab.
" I- {$ r8 b/ R: c- G6 I3 F) J4 {. p+ i2 X# z, q6 K/ v
It exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files.
8 G4 @8 N% O3 `( v: v9 a0 p# t( l7 {7 o" v, R) T
It runs on Windows 95, 98, ME, NT, 2000, and XP. |
|