Content

Exploit-Iframe.gen.s

Type
Trojan
SubType
Exploit
Discovery Date
08/26/2009
Length
Varies
Minimum DAT
5721 (08/26/2009)
Updated DAT
5739 (09/12/2009)
Minimum Engine
5.3.00
Description Added
08/26/2009
Description Modified
08/27/2009 7:48 AM (PT)
Risk Assessment
Corporate User
Low-Profiled
Home User
Low-Profiled

Tab Navigation

Characteristics

If the malicious IFrame is loaded, the users could be redirected to other malicious sites, which in turn could scan the user's machine for various exploits.

When an exploit is successful, it would download more malware on the user's machine.

Symptoms

Upon execution, the trojan attempts to download files from http:\\js.tongji.[Removed].com

Method of Infection

This threat could be delivered via an infectious web page or an email message.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

-- Update August 27, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.theregister.co.uk/2009/08/27/mass_web_infection/

--

This detection is for malicious IFrames embedded on various legitimate websites.

Characteristics

Characteristics -

If the malicious IFrame is loaded, the users could be redirected to other malicious sites, which in turn could scan the user's machine for various exploits.

When an exploit is successful, it would download more malware on the user's machine.

Symptoms

Symptoms -

Upon execution, the trojan attempts to download files from http:\\js.tongji.[Removed].com

Method of Infection

Method of Infection -

This threat could be delivered via an infectious web page or an email message.

Removal -

Removal -

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A