|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A: d+ a u% [- j& e# \2 d0 w+ \, H
$ h; p' W( R# X! }5 S. v! i" Q1 C, j, f. C7 b0 A' M
QUICK LINKS Solution | Understanding New Pattern Format 2 a8 p& T) O7 h
+ P: d9 j2 o! ^: f' Q9 ^
--------------------------------------------------------------------------------
& a# e$ X- i3 e7 o0 L1 G: q d" g! _+ @9 A6 r' r( ?6 D) L
Virus type: JavaScript
8 v4 |' S' S4 [) r
u& \" B- ^' m) @( H9 p- BDestructive: No
# [+ i+ n _/ m$ ^7 B
. u% X0 Z+ f4 G7 y- hPattern file needed: 2.292.08
: K% P: }" }( L6 P
$ i+ ?, P( k& y, mScan engine needed: 6.810 , r' U I# _( x
2 F' Z9 n3 {$ b9 R# \ Overall risk rating: Very Low ; B ^- G# b( ]' N5 x
9 F/ l) d `; K; R
--------------------------------------------------------------------------------6 |0 e: k4 r$ |3 a# U, _
- M$ i& \5 F6 v/ F& G! [Reported infections: Low ; Q8 @4 v/ x0 }$ V9 p0 ?
5 u7 `. u( H1 l) i
Damage Potential: Low 2 U% l/ }) q# v6 Q8 J9 I
" T4 B( e7 F8 w PDistribution Potential: Low
Y0 Q/ {9 K; v% V S5 p7 V
" B' n1 [- Y9 E5 h . c4 o# s* i2 e: o8 t
' {! F3 v+ {+ e9 [" v/ k--------------------------------------------------------------------------------
2 N9 K2 I w2 N1 _$ [+ s ) i! `: W v- Q9 x1 E8 _2 `; y
Description:- U( F! r5 J3 z1 g
0 J& `/ e, o# u8 N6 W: u; Z0 Z" P+ I' w& h& h/ `+ \; E5 C; C; l
3 `& J, U9 o' H; g
This malicious JS script may reside in an HTML file or in a malicious Web site.
+ J' }4 }# o6 K) ]
8 G9 r3 g; d6 H4 CUpon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab.
2 N% Z+ l8 f& c) p1 m0 b. V0 D: `# Z
6 l+ i4 {" z" ^. iIt exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files. . a" M1 \. W7 B3 [, j
6 p; R6 s9 M8 O1 s# t5 T. w" f
It runs on Windows 95, 98, ME, NT, 2000, and XP. |
|
楼主