exploit

quartermile · Sep 10, 2007

nod32 IMON caught this
Code:
hxxp://66.246.72.200/index.php	HTML/Exploit.IESlice.NAC trojan
ideas anyone?

ronjor · Sep 10, 2007

Hello quartermile,

No ideas but Eset will see your post and check it out. Please don't post clickable links to possible malware.

NOD32 user · Sep 11, 2007

That link just delivers the following code here (at the moment)...
Code:
<script language="JavaScript"> window.location.href = "hxxp://spl/" </script>
Cheers

jftuga · Sep 11, 2007

I am not a professional AV examiner, but it looks like a virus to me. The payload is in another file that is downloaded. The virus tries to make a connection to the Internet and/or use FTP. It also inserts itself into the registry so that it will start when the computer is booted, possibly called ShareSearcher or SSearcher. Another thing is does is run a "net view" command and saves it to the c:\nv directory. One other thing it does it to install a file, wsusupd.exe, in the c:\ directory with the hidden file attribute.

-John

Bubba · Sep 11, 2007

NOD32 user said:

That link just delivers the following code here (at the moment)
Click to expand...

They're enjoying themselves changing it at will and now it's Google...at the moment

<script language="JavaScript"> window.location.href = "http://google.com" </script>
Click to expand...

quartermile · Sep 11, 2007

interesting .. and i dont even know how i got it, have only been to the usual websites

Log in or Sign up

exploit

quartermile Registered Member

ronjor Global Moderator

NOD32 user Registered Member

jftuga Registered Member

Bubba Updates Team

quartermile Registered Member

Log in or Sign up

exploit

quartermile Registered Member

ronjor Global Moderator

NOD32 user Registered Member

jftuga Registered Member

Bubba Updates Team

quartermile Registered Member

Useful Searches