|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A
2 {' ~; z2 r& g6 a
0 A% Z& D( Z0 V5 x* H
, r& l2 j6 K- wQUICK LINKS Solution | Understanding New Pattern Format
* k. R; b6 L$ N* u# v0 ^) o
+ _% K$ W! p% j+ ^; u g--------------------------------------------------------------------------------2 }& T: ^% I8 T$ q; ^* @) W
6 T# G- C$ w% t8 W' e9 ?, F& |Virus type: JavaScript * s- [7 |/ j0 |
, C/ f5 I1 A' Y2 z# bDestructive: No
9 F0 L1 _$ T" f$ u* N
: r) t2 }- m: M. X& P" H" \Pattern file needed: 2.292.08 ' z3 ^: h! q4 ?$ j
3 H4 }. o A1 `+ }Scan engine needed: 6.810 3 y/ } J0 k9 b& O# c% E
; W' G) Q, Q- [) l Overall risk rating: Very Low
: I8 v/ u ]! L6 R: ~: s
& r4 V x" J# K/ K) }: Y! b--------------------------------------------------------------------------------1 Y' R/ ?) ~; Q+ c! @ ]: }
1 b: ^; \% U o
Reported infections: Low
, W# T8 R5 ]( m b5 p
- H) a: k5 d0 D- CDamage Potential: Low C3 V8 O( q. R$ O) ^
4 g. q: k' Y- }; S2 ?$ O$ D( O: |Distribution Potential: Low ! X4 W9 ^3 W, ~- W# o8 v2 N- P
# y3 |! e d2 w6 I& A * S+ E# r( z" Q, ~7 R; Z0 }
! y) L9 Y( A9 d: z1 s# T! \3 s
--------------------------------------------------------------------------------
4 b: D/ A8 \* k j/ T$ D( z# K ) `4 h! n; G; r( \# [3 T/ ]1 s
Description:
& @( `: h1 d- X- {
; Z3 U! k; @, |7 j( e
* d7 G+ h, L8 I9 P0 h3 S, s1 H; g
This malicious JS script may reside in an HTML file or in a malicious Web site. $ N+ b# y9 M6 C. P1 H8 q
; ^3 f q: I0 t4 [& r% d) ^) Q$ MUpon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab.
8 x+ K) u! o2 ?1 S9 [7 {- }9 I$ I% r' z6 ~: W
It exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files. ! l8 \, s1 p4 F, V
! r2 W! T# }' iIt runs on Windows 95, 98, ME, NT, 2000, and XP. |
|
楼主