|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A% Q1 o* B- ^; V6 [
# I; z8 O) L& ?+ \: V2 ~ q2 a+ X9 M8 E% B# J4 r$ [) m& h
QUICK LINKS Solution | Understanding New Pattern Format ; s4 T% I/ G# ]. O
; q: a* v4 Z2 W0 m. n--------------------------------------------------------------------------------
* o6 {7 x$ i7 M! L% |/ s ! @& m5 ~. C" O
Virus type: JavaScript 5 P% g" i. C$ j" h1 T& ?5 I8 i' l
* t! x) c* j# T9 I* y, t* c: ]; b; U! {
Destructive: No
7 |" Q: s" r, }1 \& [ F+ }
2 j( @6 s& C1 y- i: gPattern file needed: 2.292.08
+ H+ `7 a6 E8 F% {
2 }# F- \' F7 @+ ~' H2 H1 g; DScan engine needed: 6.810
) j' B* r4 Q* g/ Y5 V ) S Y$ E' w) U; S* |
Overall risk rating: Very Low
# Z0 c: l3 b" j7 ^9 E+ K
6 N4 N. O, U: p/ f `--------------------------------------------------------------------------------) R/ G$ H1 R/ a* ]; J7 j: c' x1 C
$ h5 Y) y1 E- g! I+ n: G" PReported infections: Low
" B! ^' q! ^, G* M
6 \0 E/ L( o9 BDamage Potential: Low
) }. A) _+ D: I4 f
8 ]: C# \( f' G; gDistribution Potential: Low % M/ Z: D7 b7 ?* i4 x4 P
- B: W. ^8 o+ J$ ]
. u4 v3 D( b/ l$ a& o3 `; p
! q5 a2 E2 [2 U" ~" w, Z2 f--------------------------------------------------------------------------------
- t) ?' E8 ^. w( N) M! y4 l4 H . O9 s9 P# y6 J: l4 h: s/ \6 a# B$ H
Description:& p6 f$ }0 g" }. F- e) P
" I D% q( \. `/ l+ h
6 c$ W1 c' |- X: m& \# W& k) n- ~2 `; M# x
This malicious JS script may reside in an HTML file or in a malicious Web site. ( F/ J. a j! g; G, {% `- g! ?% e
6 d T m' |9 p* I1 M8 `6 U! L! K7 |5 ZUpon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab.
% `6 X Z" h. L
' i& D6 p9 y2 J0 ]6 U1 AIt exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files.
0 m9 q, ^% @9 F/ A& A9 W4 o6 I; o- Q; g/ |, X0 E
It runs on Windows 95, 98, ME, NT, 2000, and XP. |
|
楼主