Exploit-MSDirectShow.b

Type: Trojan
SubType: Exploit
Discovery Date: 07/06/2009
Length: Varies
Minimum DAT: 5668 (07/06/2009)
Updated DAT: 5776 (10/19/2009)
Minimum Engine: 5.3.00
Description Added: 07/06/2009
Description Modified: 07/06/2009 1:35 PM (PT)
Risk Assessment (Corporate User): Low-Profiled
Risk Assessment (Home User): Low-Profiled

Characteristics

When a page carrying Exploit-MSDirectShow.b is browsed with a vulnerable version of MS Windows and Internet Explorer, it allows the attacker to execute arbitrary code on the victim's machine in the context of the web browser.

At the time of analysis, known exploits found in the wild execute code to download and install a trojan (Downloader-BRR). This trojan, in turn, can download other malware from a dynamic list.

Symptoms

  • Unexpected download and execution of new applications from the web.
  • On a website that does not normally host media objects, IE7 may warn of risky ActiveX components executing.

Method of Infection

This trojan exploits an unpatched vulnerability in the Microsoft DirectShow ActiveX object, via Internet Explorer.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Variants

    N/A

Overview

-- Update July 6, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.theregister.co.uk/2009/07/06/new_microsoft_exploit_in_wild/

See also Microsoft Security Advisory (972890)

--

This detection covers trojans that exploit an unpatched vulnerability in the Microsoft DirectShow ActiveX object, via Internet Explorer.