| Detected | Apr 28 2011 19:52 GMT |
| Released | Apr 29 2011 02:02 GMT |
| Published | Sep 08 2011 08:44 GMT |
When launched, the exploit downloads a file from a link. Depending on the version, the exploit may download the file from different links, for example:
http://98.***.14.171:321/cc.exe
http://121.***.170.179:54321/h.exe
http://121.***.168.129:987/ss.exe
http://x.***ririni.info:6789/down/my/103.exe
http://x.***ririni.info:6789/down/my/108.exe
http://58.***.36.199:8832/xx/xm05.css

When creating the description, two files were downloaded from some of the indicated links. One file is 16372 bytes and is detected by Kaspersky Antivirus as Trojan-Downloader.Win32.Agent.ssax. The second file is 25088 bytes and is detected by Kaspersky Antivirus as Trojan-Downloader.Win32.Geral.vnk. The downloaded file is saved under the following name:

%AppData%\f.exe

The downloaded file is then launched and the exploit shuts down.
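A triage check for the drop location described above, added here as an example and not part of the original description: it looks for f.exe directly inside each user profile's %AppData% folder, on a live system or a mounted disk image, and reports its size and SHA-256. The function name, the profile root argument and the two %AppData% expansions are assumptions. A size match is only corroborating evidence, since other versions of the exploit download other files.

```python
import hashlib
import sys
from pathlib import Path

# Sizes in bytes of the two payloads the description reports, with their verdicts.
KNOWN_SIZES = {
    16372: "Trojan-Downloader.Win32.Agent.ssax",
    25088: "Trojan-Downloader.Win32.Geral.vnk",
}
# Assumed expansions of %AppData% inside a profile: Vista and later, then XP.
APPDATA_DIRS = ("AppData/Roaming", "Application Data")
DROP_NAME = "f.exe"


def find_dropped_payloads(profiles_root):
    """Return one finding for every <profile>/<%AppData%>/f.exe below profiles_root."""
    findings = []
    for profile in sorted(Path(profiles_root).iterdir()):
        for rel in APPDATA_DIRS:
            try:
                entries = sorted((profile / rel).iterdir())
            except OSError:
                continue  # directory missing, not a directory, or access denied
            for entry in entries:
                # Windows names are case-insensitive; a mounted image may not be.
                if entry.name.lower() != DROP_NAME or not entry.is_file():
                    continue
                try:
                    data = entry.read_bytes()
                except OSError:
                    data = None  # present but unreadable: still report it
                size = None if data is None else len(data)
                findings.append({
                    "path": str(entry),
                    "size": size,
                    "sha256": hashlib.sha256(data).hexdigest() if data is not None else None,
                    # None: name and location match, size matches neither sample.
                    "size_matches": KNOWN_SIZES.get(size),
                })
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Users"
    for hit in find_dropped_payloads(root):
        verdict = hit["size_matches"] or "size matches neither sample"
        print(f'{hit["path"]}  {hit["size"]} bytes  {verdict}')
        print(f'  sha256={hit["sha256"]}')
```

Any hit deserves a look regardless of size, because an executable named f.exe sitting directly in %AppData% is unusual on its own.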
If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete it:
%Temporary Internet Files%
Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.
Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.
Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.