|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A
, E% p6 v0 W& E- z
# X4 B. d7 U$ w' W' g7 e7 ~
& f ?( D* J5 h: @5 I- KQUICK LINKS Solution | Understanding New Pattern Format + X5 }0 w* j/ Y. k, M, T
2 F# b, {, ]3 L--------------------------------------------------------------------------------
" K9 a" w$ ]2 k" c5 x' {
% d2 ]2 H( F* c, Y7 NVirus type: JavaScript
2 [( q( y6 S6 z8 |0 x4 d ' Q; i! d5 d% j2 M! v J" K" P
Destructive: No ; \9 C. N! e# f' g2 S* q9 k! x
* D; A1 |+ W! ]0 j- ?
Pattern file needed: 2.292.08 ) L3 N9 _' C( {! i; Q- L
4 q9 w, q' H2 \. z" D. M" ^
Scan engine needed: 6.810
4 T0 ?3 {, J9 I/ m* i; t/ A+ t
2 S" C. w* M, I- ~* | Overall risk rating: Very Low 8 |/ H. B: D8 C
, ~4 j o+ D" B" g2 R" n3 z--------------------------------------------------------------------------------
" e0 t) \( w0 G* n, e) x4 W; c 4 E" ?1 {( Q1 L# W( K
Reported infections: Low
9 V( g* i: @' Z: y8 f 3 V- {. w. L7 t, U
Damage Potential: Low
, m! \) T: Y- C5 c % D) f3 O/ B9 k; X
Distribution Potential: Low
3 [- Z6 e7 k4 k U9 C* _ & F, [. ~; x& A+ W( |
* X8 g( x; ]1 i- V
7 M8 a! O! T) i$ p4 J0 {6 P--------------------------------------------------------------------------------
0 [* |# O" H Y: i& A
8 ~, k( D& O r! n3 I1 O5 Q( EDescription:4 H/ T9 i# K! L
: E" ^) g1 A8 K- c7 Z; Z
1 {' k3 s+ J: ` a, W5 P# P
0 D+ \7 j9 ~2 ^/ m9 L0 fThis malicious JS script may reside in an HTML file or in a malicious Web site. ' c! T% b5 E: g- I- n0 H8 h8 b6 H
4 h" x3 x0 K9 R9 ?- B! o' aUpon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab.
$ V$ g. V( Q# L. Y' e
7 v) K0 N. ~! HIt exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files.
d' [& P7 ]1 D$ w9 e* M( V S3 {7 t2 s6 U2 w2 s6 I; I
It runs on Windows 95, 98, ME, NT, 2000, and XP. |
|
楼主