|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A# y# \3 f. n! E/ X6 G' C: G
* v. M3 D9 K4 p0 C
: M% e. S F3 y3 l. z* JQUICK LINKS Solution | Understanding New Pattern Format
6 ^) _, \: e+ E7 n. P1 C. g( O2 B4 s& B- y: {. Z
--------------------------------------------------------------------------------$ o8 K$ N+ l5 Z9 m; }3 M( [
, n. N: s9 j' Q2 w% X+ R% F/ v3 T
Virus type: JavaScript
; K8 h; n7 {) ^8 z( G
$ p6 X% D; ]& g* P) iDestructive: No 7 M. m5 `7 q' I8 B) @+ j+ |) J
1 A% i- N( Z' V. k; C s& t1 M
Pattern file needed: 2.292.08 3 E8 v/ f9 r d$ e; w( a+ D! w
( y; w9 B5 E( p( C$ j2 q: `
Scan engine needed: 6.810
5 ]/ K& k# J$ o0 o9 X c. D 8 \2 o( u! P1 ]1 B
Overall risk rating: Very Low
' @# ~3 T! H+ e" T+ t
- G1 U: K$ o. m: x# x--------------------------------------------------------------------------------' _1 R4 \1 N/ r* y1 f$ G. ~
: b% B; ]% r* K! e5 T$ B* XReported infections: Low
" g1 [1 y+ e, E, z+ L! O% e " P6 [( z' |/ O# G {: n7 E0 W
Damage Potential: Low
) n9 ^4 ~1 I" X$ U; k
7 P+ V+ K7 m2 i1 v/ wDistribution Potential: Low ( G( i( \4 n y
5 V5 p: v0 Q. P- K C
' \9 a1 [/ `0 y* [
' Q3 ], O' g7 O+ `* r0 M" J--------------------------------------------------------------------------------
' m( l# F, J$ J8 W7 s
+ P1 `6 E% w+ k$ L. Q! C8 vDescription:
2 z& c3 Y8 H3 m, H) d# P) b; Y9 E: C, k# T% @5 k
l6 K4 y3 v e' k a! `
9 ?8 Q+ ?2 j2 y% S! i) |3 k
This malicious JS script may reside in an HTML file or in a malicious Web site.
6 ~3 ]8 G9 }5 m& `2 Q9 B6 d7 s
$ @; i) L( b+ R3 e" sUpon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab.
& G# D! u: Q4 t' S, l7 O) g! S m; T; d, O2 h0 N& q, S
It exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files.
- r0 `7 \' E6 M
: ]3 t, S; L6 ^& k6 z. `It runs on Windows 95, 98, ME, NT, 2000, and XP. |
|
楼主