McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Microsoft Internet Explorer ignores certain non-ascii characters, allowing an attacker to obfuscate malicious code and still have it rendered by IE.

This detection covers HTML documents that have been crafted with the intention of evading antivirus detection.  Other documents that mix HTML with non-ascii characters could also trigger this detection.

Symptoms

N/A  This is a generic detection covering any number of differet attacks.

Method of Infection

This exploit exists as code in an HTML document, web page, or email message.

Removal

Submit a copy of the detected file to AVERT for further instructions.

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

Microsoft Internet Explorer ignores certain non-ascii characters, allowing an attacker to obfuscate malicious code and still have it rendered by IE.

This detection covers HTML documents that have been crafted with the intention of evading antivirus detection.  Other documents that mix HTML with non-ascii characters could also trigger this detection.

Symptoms

Symptoms -

N/A  This is a generic detection covering any number of differet attacks.

Method of Infection

Method of Infection -

This exploit exists as code in an HTML document, web page, or email message.

Removal -

Removal -

Submit a copy of the detected file to AVERT for further instructions.

Variants

Variants -

N/A