|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A
# W4 t1 v, l- Q! h! x7 A0 X
4 s7 K$ p, Z$ P" D) Z+ \% s4 S. r$ W$ f* _8 X9 Y5 O
QUICK LINKS Solution | Understanding New Pattern Format
$ R5 C8 H+ C% Q' V
. _" `. y% y% e# f T1 J" q8 A--------------------------------------------------------------------------------
) K" L9 u8 |- W1 e# g
, I0 R" ~# g& g3 hVirus type: JavaScript # o* z- d4 Z# B0 G2 n5 {; u
! _. `! x% A/ R! F7 K1 S
Destructive: No
0 Q* u+ d, A4 R1 M) l7 A8 ? # @9 s% f% b% U
Pattern file needed: 2.292.08 1 }6 @8 s! y$ @! z) l
$ ]/ w9 a7 W: k2 KScan engine needed: 6.810 " e% K' h1 o, r& P- \
; o" K1 e8 Y4 j& N: P1 n Overall risk rating: Very Low
g( b+ p s/ @0 N$ {, X
; m9 e/ g% ]6 d1 m Q--------------------------------------------------------------------------------, C$ R3 S \( T8 }6 i
! I' d% x0 n% j, n% G
Reported infections: Low
2 f, X5 v3 q& }3 ~6 K* N: N 4 E& O3 J9 G& p1 }# }' V- `) w
Damage Potential: Low
; a! |/ i5 z$ ]" O/ f0 z! `! `
- Q5 s: b1 V5 m/ Y9 ADistribution Potential: Low f- |0 Y) J% D% I2 E0 W* e, l3 [
; P& ^7 ^6 ~0 n1 p3 O & g$ k1 @+ `) y- F
0 y3 {7 }, H+ m b# q* y* j--------------------------------------------------------------------------------4 [9 @; f: h2 F4 V& {( O
$ H2 W; T% x0 N1 k T% HDescription:
( G/ E$ e9 i c: h6 t& q6 m2 @" s, `7 p- H' }: ?1 ]5 D, c
- `$ d# I2 \4 s! _% v: G: m6 N
5 J0 [2 _4 _7 v3 ^4 ]; o
This malicious JS script may reside in an HTML file or in a malicious Web site. # @; B6 ^7 @4 e3 m( t6 O
7 w4 S- O# u% g l, YUpon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab. * y4 i8 Q& Z" y3 u2 t
0 B/ R! d6 K/ m% A+ D8 x! C- VIt exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files. 3 E; H8 s. P. M
, K8 _6 _6 u% o' |% f- U& W: zIt runs on Windows 95, 98, ME, NT, 2000, and XP. |
|