Exploit-CVE2006-5198
- Type: Trojan
- SubType: Exploit
- Discovery Date: 11/14/2006
- Length: Varies
- Minimum DAT: 4896 (11/15/2006)
- Updated DAT: 4900 (11/20/2006)
- Minimum Engine: 5.1.00
- Description Added: 11/14/2006
- Description Modified: 11/14/2006 10:37 PM (PT)
Characteristics
This detection covers exploits targeting a WinZip FileView ActiveX Control vulnerability that can result in the execution of arbitrary code.
Because this threat uses script to carry out exploitation, VirusScan's ScriptScan component, or a gateway scanner, is required for the DAT files to offer protection from this threat. Identification is available via other DAT-consuming scanners.
For more details on the vulnerability that is exploited by this threat, see:
http://www.winzip.com/wz7245.htm
Symptoms
Internet Explorer will likely crash upon exploitation. Any number of subsequent actions may be taken by the malware.
Method of Infection
Users may be lured (such as through spam or spim) to visit a malicious site. Upon loading the web page, a vulnerable web browser will execute the payload.
This detection is sufficiently generic that it can cover an endless number of threats that contain the exploit code. Therefore, it is not possible to describe specific symptoms or details about system changes that can occur from this threat. However, simply seeing this detection does not mean that any exploit code was run at all, as such exploit code could only run on a vulnerable system.
Removal
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Variants
N/A
Overview
This detection covers an exploit that could be used to install other trojans, viruses, and potentially unwanted programs (adware, spyware, etc.). This method of exploitation is often referred to as "drive-by installs" or "drive-by downloads", meaning that upon visiting a site hosting malicious code, a vulnerable system is automatically instructed to install files.