Obfuscated Script.f

Type: Trojan
SubType: Script
Discovery Date: 02/04/2009
Length: Varies
Minimum DAT: 5614 (05/13/2009)
Updated DAT: 5814 (11/26/2009)
Minimum Engine: 5.2.00
Description Added: 02/04/2009
Description Modified: 05/18/2009 8:47 AM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

Generic Script.f is a heuristic detection for web pages that are crafted to contain references to malicious content. Often, obfuscated JavaScript is injected into a web page, where it attempts to redirect the user to another domain hosting a malicious payload.

Often, these obfuscated scripts contain exploits that target the web browser. In the wild, they have been widely found to be targeting at least the following vulnerabilities:

As this is a heuristic detection, variants may exploit other vulnerabilities. These exploits are often hosted on hijacked websites which are normally legitimate. When script scanning is enabled, this detection blocks execution of the potential exploits.
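To illustrate what a heuristic check for injected, obfuscated inline scripts can look like, here is an added Python example. It is not McAfee's detection logic and is not part of the original description; the indicator list, the threshold and the sample page are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser

# Assumed indicators for illustration only (not a vendor signature set).
DECODE_CALLS = re.compile(r"\b(eval|unescape|fromCharCode|document\.write)\s*\(")
ENCODED_RUN = re.compile(r"(?:%u?[0-9a-fA-F]{2,4}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}){8,}")

class InlineScripts(HTMLParser):
    """Collect the bodies of inline <script> elements (external src= is skipped)."""
    def __init__(self):
        super().__init__()
        self.scripts, self._inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script" and not dict(attrs).get("src"):
            self._inside = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._inside = False
    def handle_data(self, data):
        if self._inside:
            self.scripts[-1] += data  # script text may arrive in several chunks

def score_script(body):
    """Return the list of obfuscation indicators present in one script body."""
    reasons = []
    calls = sorted(set(DECODE_CALLS.findall(body)))
    if len(calls) >= 2:  # e.g. decode with unescape(), then run with eval()
        reasons.append("decode-and-run calls: " + ", ".join(calls))
    if ENCODED_RUN.search(body):
        reasons.append("long run of escaped characters")
    if max((len(tok) for tok in body.split()), default=0) > 200:
        reasons.append("very long unbroken token")
    return reasons

def scan_page(html, threshold=2):
    """Return (script index, reasons) for each inline script at or above threshold."""
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    scored = [(i, score_script(b)) for i, b in enumerate(parser.scripts)]
    return [(i, r) for i, r in scored if len(r) >= threshold]

# Constructed sample: a benign inline script plus an injected-style one whose
# string is just the percent-encoding of the harmless text "constructed-sample".
ENC = "".join("%%%02x" % b for b in b"constructed-sample")
SAMPLE_PAGE = ('<html><body><script>var n = document.getElementById("nav");</script>'
               '<script>var s=unescape("' + ENC + '");eval(s);</script></body></html>')

if __name__ == "__main__":
    for index, reasons in scan_page(SAMPLE_PAGE):
        print("inline script", index, "flagged:", "; ".join(reasons))
```

Requiring two independent indicators keeps ordinary scripts that use a single `eval` or `document.write` call from being flagged on that alone.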

Symptoms

Execution of malicious web scripts which often link to malicious servers to download further malware. Sometimes, they can cause the web browser to crash when an exploit is used to target a buffer overflow vulnerability and fails.

Method of Infection

These obfuscated scripts are often hosted on hijacked websites which are normally legitimate. Typically, they are crafted to exploit web browser vulnerabilities to download and install further malware.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

    N/A

All Information

Overview -

Obfuscated Script.f is a heuristic detection for web scripts that are crafted to prevent inspection of their malicious content.

Aliases

  • Gumblar (ScanSafe)
