JS/Exploit-dwl.gen

Type: Trojan
SubType: Exploit
Discovery Date: 01/02/2008
Length: varies
Minimum DAT: 5197 (01/02/2008)
Updated DAT: 5197 (01/02/2008)
Minimum Engine: 5.1.00
Description Added: 01/02/2008
Description Modified: 08/05/2008 2:18 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

JS/Exploit-dwl.gen is a generic detection for the Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX Control Arbitrary File Download Vulnerability.

The vulnerability is in the addcategory method, which an attacker can exploit to open a hidden browser window and download a remote file.

Symptoms

This detection is generic enough to cover a number of threats that contain the exploit code. It is therefore not possible to describe specific symptoms or details about system changes that can occur from this threat. Seeing this detection does not by itself mean that any exploit code was run, because such exploit code can only run on a vulnerable system.

Additionally, some exploits simply cause Internet Explorer to crash and do nothing more.

Method of Infection

This threat could be delivered via an email message, IM or an infectious web page.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends that users not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Variants

    N/A
