Exploit-ANIfile

Type: Trojan
SubType: Exploit
Discovery Date: 12/23/2004
Length: Varies
Minimum DAT: 4417 (12/29/2004)
Updated DAT: 5426 (11/06/2008)
Minimum Engine: 5.1.00
Description Added: 12/23/2004
Description Modified: 01/11/2005 1:39 PM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

-- Update Jan 11, 2005 --
Microsoft has released a patch for the vulnerability targeted by this exploit:
http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx

This detection covers code attempting to exploit a Microsoft Windows Kernel ANI File Parsing Crash Vulnerability that was announced on December 23, 2004.  Reportedly, the vulnerability exists on the following operating systems:

  • Windows NT4
  • Windows 2000
  • Windows XP SP0/SP1 (SP2 is not vulnerable)
  • Windows 2003

Symptoms

The system crashes unexpectedly upon accessing a new file, email message, or web page.

Method of Infection

Malicious code can be delivered via a web page or email message.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
