McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Initial detection is limited to email/gateway scanning products.

This detection covers malicious HTML files/messages that attempt to exploit a 0-day, buffer overflow vulnerability in the MSIE script action handler.  Proof of concept code was posted to the web recently that results in a denial of service attack (crash) against Microsoft Internet Explorer browsers.

Symptoms

Internet Explorer crashing upon visiting a website.

Method of Infection

This detection covers files attempting to exploit a vulnerability.  Detection targets the exploit code itself, rather than any specific payload.  Therefore, details about one payload are not available.  It is believed that remote code execution is possible.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

Initial detection is limited to email/gateway scanning products.

This detection covers malicious HTML files/messages that attempt to exploit a 0-day, buffer overflow vulnerability in the MSIE script action handler.  Proof of concept code was posted to the web recently that results in a denial of service attack (crash) against Microsoft Internet Explorer browsers.

Symptoms

Symptoms -

Internet Explorer crashing upon visiting a website.

Method of Infection

Method of Infection -

This detection covers files attempting to exploit a vulnerability.  Detection targets the exploit code itself, rather than any specific payload.  Therefore, details about one payload are not available.  It is believed that remote code execution is possible.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants -

N/A