Exploit-MSJet.gen

Type: Trojan
SubType: Generic
Discovery Date: 04/20/2005
Length: Varies
Minimum DAT: 4473 (04/20/2005)
Updated DAT: 4473 (04/20/2005)
Minimum Engine: 5.1.00
Description Added: 04/20/2005
Description Modified: 10/04/2005 4:34 PM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

-- Update October 04, 2005 --
There has been some recent chatter about "Backdoor.Hesive", a new backdoor trojan being delivered via this exploit. When this backdoor is delivered via this exploit, it is proactively detected as Exploit-MSJet when scanning with program heuristics enabled (the default setting) using the BETA DAT files. It is worth noting that this vulnerability was first exploited in April of 2005. Different samples were known to deliver Downloader-ZX.dr and BackDoor-BCB via this exploit. The Exploit-MSJet.gen detection was written at that time to cover these samples generically.

This is a generic detection for MS Access MDB files that have a buffer overflow condition in the file that can be exploited. This does not detect whether any code is present after the exploit, simply that the exploit is present and therefore is potentially dangerous.

Original information on this threat was reported on:

http://www.hexview.com/

Symptoms

Varies

Method of Infection

This threat exploits a vulnerability in the MS Jet Database Engine.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
