Archive for the ‘Encyclopedia viruses’ Category

Exploit.Java.CVE-2010-0842.a

An exploit that uses the CVE-2010-0842 vulnerability in the “Sound” component of Oracle Java SE (up to version 6 update 18) to download files onto the infected computer.

Technical details

An exploit that uses the CVE-2010-0842 vulnerability in the “Sound” component of Oracle Java SE (up to version 6 update 18) to download files onto the infected computer. It is an RMF (Rich Music Format) file. Depending on the modification, it is 492 or 479 bytes in size.

Destructive activity (more…)

Affected versions: Opera versions up to 11.67 (for Mac OS X) and 2.12

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

An error exists when displaying buttons in dialog boxes in a small browser window. An attacker can trick the user into clicking a button on the page and thereby download and execute arbitrary files with the privileges of the current user.

Manufacturer URL: http://www.opera.com

Solution: Install the latest version 11.67 or 12.02 from the manufacturer.

Links:
http://www.opera.com/support/kb/view/1028/

Malware Exploit.Java.CVE-2010-0842.d – An exploit that uses the CVE-2010-0842 vulnerability in the “Sound” component of Oracle Java SE (up to version 6 update 18) to download files onto the infected computer.

Technical details

An exploit that uses the CVE-2010-0842 vulnerability in the “Sound” component of Oracle Java SE (up to version 6 update 18) to download files onto the infected computer. It is a Java class (class file), 2195 bytes in size.

Destructive activity

The exploit's malicious functionality is implemented in the class “SiteAudioHelper”. The exploit is a Java applet. It is launched from an infected HTML page through an “applet” tag whose parameter named “MIDIFILE” gives the path to a specially modified RMF (Rich Music Format) file. In its “SONG” and “Midi” blocks, this file contains executable code that exploits the vulnerability in the “MixerSequencer” object and downloads a file to the infected computer from a link. (more…)

Malware Exploit.JS.Pdfka.dmg – This program is an exploit that, in order to execute on the user's computer, uses a vulnerability in the Adobe products Reader and Acrobat.

Technical details

This program is an exploit that, in order to execute on the user's computer, uses a vulnerability in the Adobe products Reader and Acrobat. The file is an XFA (XML Forms Architecture) form that contains a malicious script written in JavaScript. It is 14,529 bytes in size.

Destructive activity

The malicious content of the XFA form is initialized and run when a specially crafted, infected PDF document containing the form is opened. An obfuscated malicious JavaScript script is used as the handler for the “initialize” event in the XFA form. After the obfuscation is removed, the malware exploits a vulnerability caused by a buffer overflow when “libtiff.dll” processes invalid arguments (CVE-2010-0188) in order to download the file, which is located at: (more…)

Malware Net-Worm.Win32.Kolab.ylu – This worm copies itself to removable drives, and downloads and installs other software on the victim machine without the user’s knowledge.

Technical details

This worm copies itself to removable drives, and downloads and installs other software on the victim machine without the user’s knowledge. It is a Windows (PE-DLL) file, 60,928 bytes in size. Packed with an unknown packer. Unpacked size: about 136 KB. Written in C++.

Installation

Copies its body to the temporary directory of the current user under the name: <>% Temp% \ srv . Tmp where – a random set of numbers and letters of the Latin alphabet, such as “7E4” or “1E8”. (more…)

Trojan. It is an HTML page with a script written in JavaScript.

Technical details

Trojan. It is an HTML page with a script written in JavaScript. It is 200 bytes in size.

Destructive activity

When an infected site is opened, the code located at the following link is loaded in a hidden frame on your computer:

http://www. *** scobar.in / analytics / in.cgi? 3

Removal

If your computer was not protected by an antivirus and is infected with this malware, do the following to remove it:

Delete the original Trojan file (its location will depend on how the program originally penetrated the victim machine).

Malware Trojan.Hytets

Posted: August 29, 2012 in Encyclopedia viruses

Malware Trojan.Hytets – multi-component bootkit

Added to the Dr.Web virus database: 2012-08-17

Inserted 29/08/2012

A multi-component bootkit written in C that is able to hide its own presence in the infected system. It includes 8 components, three of which are drivers.

Has anti-debugging functionality: at startup it checks whether it has been loaded in a virtual machine and whether a debugger application is in use in the OS. It checks the infected computer for a number of applications used for billing in Chinese Internet cafes. (more…)

Malware Trojan.JS.Redirector.oy – Trojan. It is a script written in JavaScript (JS), located in an HTML document.

Technical details

Trojan. It is a script written in JavaScript (JS), located in an HTML document. It is 717 bytes in size.

Destructive activity

When launched, the Trojan opens the following link in your browser: (more…)

Malware Trojan.VBS.StartPage.hs – Trojan. It is an HTML page with scripts in the Visual Basic Script and JavaScript languages.

Technical details

Trojan. It is an HTML page with scripts in the Visual Basic Script and JavaScript languages. It is 2172 bytes in size.

Destructive activity

When an infected website is opened, the Trojan modifies the following registry keys: (more…)

Malware Trojan.Win32.Agent.gwvg – A Trojan that has a destructive effect on the user’s computer.

Technical details

A Trojan that has a destructive effect on the user’s computer. The program itself is a Windows PE EXE file, 45056 bytes in size. It is written in Delphi.

Destructive activity

After starting, the Trojan searches for and deletes the following files: (more…)