| Detected | Jul 01 2011 01:50 GMT |
| Released | Jul 01 2011 03:55 GMT |
| Published | Sep 19 2011 07:13 GMT |
The trojan contains functionality that allows it to launch certain malicious scripts, as well as Java applets, using the vulnerability CVE-2010-4452 to download other malware to the infected computer. It is an HTML document containing JavaScript. Depending on the version, it may be between 922 and 1648 bytes in size.
When the malicious HTML document is launched, it is decoded using JavaScript, and code is written into its body which carries out the following actions:
http://www.anr***ezrs.net/placeholder-4211928?target=_top&mouseover=Y
http://www.anr***ezrs.net/placeholder-4211915?target=_top&mouseover=Y
http://www.anr***ezrs.net/placeholder-4211938?target=_top&mouseover=Y
http://www.k***yfj.com/placeholder-4211931?target=_top&mouseover=Y
track2.xar
voke.xar

The class implementing the applet code may be named as follows:
If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete it:
Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.
Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.
Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.