|
|
发表于 2004-12-15 15:22:18
|
显示全部楼层
ViRUS NAME :JS_BAIDU.A
& p- Y/ l7 O J! Z/ d) I: ?
7 I0 @0 O o; S% @5 s3 C7 T' _+ l+ }8 k0 Y3 @
QUICK LINKS Solution | Understanding New Pattern Format
; b; S( x6 T4 E( o
5 v [* Y* p) I. |--------------------------------------------------------------------------------9 v: ^' o# l3 ]" q8 D/ C7 g
+ O- o& H% Q/ B* d3 _, L9 yVirus type: JavaScript / {) l+ Q V# K2 N
) J" t1 [+ a0 L, V7 s/ ], @
Destructive: No
7 C- M8 g+ P$ s- f4 ^
- \) t: u6 K1 `( UPattern file needed: 2.292.08
2 Z' P4 k' z8 ^ ( K2 r" Q2 E7 G7 R% |
Scan engine needed: 6.810
+ v, o A( v# v) t; s ' |9 v, v2 g1 Z2 G/ N$ x m7 A2 S
Overall risk rating: Very Low 2 u/ S1 k# s4 a8 g+ _
( q& F/ u1 m" m7 I
--------------------------------------------------------------------------------
9 }( p0 Q7 ^8 r- J , }! f3 [& }5 u# a6 k( U% }; ^
Reported infections: Low 6 U" W; B: U6 S; t! k" c/ M3 y
$ i- I8 Q' w3 s+ _! F$ l& G" J
Damage Potential: Low
+ X, W; ^5 `' ^9 z
& s# J6 N" }( J1 tDistribution Potential: Low # P1 E$ E3 n Z: M
" |; Y8 \, R1 ~: T% Q
8 u9 I T9 a6 P. o/ }9 ?
+ }3 M) r% k# |* d--------------------------------------------------------------------------------$ b6 A( A# t; J8 v
# t8 E) P" u+ R
Description:8 O* z/ ?3 h4 |6 D
1 |& {* M) T' x$ j Z' H
; b6 P, K6 G+ `* n! u' p7 v
* M, ?( C3 Q9 b# Y; n! ]This malicious JS script may reside in an HTML file or in a malicious Web site. ' c, |, Y; r2 s5 e/ W$ o# e% W
6 ~8 y6 n* _- `% \* q
Upon execution, this JS script automatically downloads from the URL http://barai<BLOCKED>.com/update/Search.cab.
* p$ ]; n0 ?- U- L! \! W! S
) N6 a% Q# t$ Y3 ]It exploits a codebase vulnerability in Internet Explorer, which allows automatic execution of files. * }! \7 |3 x8 `4 w( y2 z
2 o! m( s" R" L- ~& u K# d: ZIt runs on Windows 95, 98, ME, NT, 2000, and XP. |
|