Exploit.HTML.CVE-2010-1885.aj
| Detected | Mar 15 2011 19:35 GMT |
| Released | Mar 16 2011 00:44 GMT |
| Published | Apr 04 2011 13:52 GMT |
This exploit program uses a vulnerability in Microsoft Windows Help and Support Center to execute itself on the user's computer. It is an ASX (Advanced Stream Redirector) file. It is 152 bytes in size.
Once the file is opened in Windows Media Player using the player's "HTMLView" function, the Trojan downloads malicious web content from the following link:
http://sp0***e.ms/games/hcp.php?f=16
The following file icon is displayed as media content:
http://sp0***e.ms/games/L.gif
At the time of writing, these links were inactive.
The downloaded web content takes the form of an HTML document, which contains the exploit's main functionality.
The malware exploits a vulnerability caused by incorrect handling of URL escape sequences in the function MPC::HexToNum in the Microsoft Windows Help and Support Center application (helpctr.exe) (MS10-042, CVE-2010-1885). After exploiting the vulnerability, the malicious user can execute commands that are delivered through a specially generated "hcp://" URL. The Microsoft products MS Internet Explorer 8 and Windows Media Player 9 are vulnerable.
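A triage check for the delivery chain described above, added here as an example and not taken from the original description: it flags ASX metafiles whose "HTMLView" parameter points at a remote URL, and HTML content that references "hcp://" URLs (plain or percent-encoded). The function names, rule names and sample inputs are constructed for illustration.

```python
import re

# ASX element and attribute names are case-insensitive, so match loosely.
PARAM_RE = re.compile(r'<\s*param\b([^>]*)>', re.I)
ATTR_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'>/]+))')
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp|hcp)://', re.I)
# hcp:// as written or with the ':' and '/' percent-encoded
HCP_RE = re.compile(r'hcp(?::|%3a)(?:/|%2f){2}[^\s"\'<>]*', re.I)

def parse_params(asx_text):
    """Return [(name, value)] for every PARAM element in an ASX metafile."""
    params = []
    for m in PARAM_RE.finditer(asx_text):
        attrs = {k.lower(): (dq or sq or bare)
                 for k, dq, sq, bare in ATTR_RE.findall(m.group(1))}
        if 'name' in attrs:
            params.append((attrs['name'], attrs.get('value', '')))
    return params

def scan_asx(asx_text):
    """Flag HTMLView parameters that make the player load remote web content."""
    return [('asx-htmlview-remote', value)
            for name, value in parse_params(asx_text)
            if name.lower() == 'htmlview' and REMOTE_RE.match(value)]

def scan_html(html_text):
    """Flag any reference to the Help and Support Center URL scheme."""
    return [('hcp-url', m.group(0)) for m in HCP_RE.finditer(html_text)]

# Constructed samples (not the analysed file): a metafile using HTMLView,
# an ordinary playlist, and HTML that references an hcp:// URL.
SAMPLE_SUSPECT = ('<ASX VERSION="3.0">'
                  '<PARAM NAME="HTMLView" VALUE="http://example.invalid/view.html"/>'
                  '<ENTRY><REF HREF="http://example.invalid/icon.gif"/></ENTRY></ASX>')
SAMPLE_BENIGN = ('<asx version="3.0"><param name="Title" value="Radio"/>'
                 '<entry><ref href="mms://example.invalid/stream"/></entry></asx>')
SAMPLE_HTML = '<iframe src="hcp://placeholder"></iframe>'

if __name__ == '__main__':
    for label, hits in (('suspect.asx', scan_asx(SAMPLE_SUSPECT)),
                        ('benign.asx', scan_asx(SAMPLE_BENIGN)),
                        ('page.html', scan_html(SAMPLE_HTML))):
        print(label, hits or 'clean')
```

A hit on either rule is a reason to inspect the file, not a verdict: "HTMLView" is a legitimate ASX feature, and the vulnerability itself is addressed by the MS10-042 update.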
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
[MD5: ff26bb9bf3451114db8f5255a6a39866]
[SHA1: 9471581bf94c998e1782f6a9aa5758d579f72c9e]
Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.
Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.
Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.