exploit

Discussion in 'NOD32 version 2 Forum' started by quartermile, Sep 10, 2007.

Thread Status:
Not open for further replies.
  1. quartermile

    quartermile Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    2
    NOD32 IMON caught this

    Code:
    hxxp://66.246.72.200/index.php	HTML/Exploit.IESlice.NAC trojan

    ideas anyone?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,768
    Location:
    Texas
    Hello quartermile,

    No ideas but Eset will see your post and check it out. Please don't post clickable links to possible malware.
     
  3. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    That link just delivers the following code here (at the moment)...
    Code:
    <script language="JavaScript"> window.location.href = "hxxp://spl/" </script>
    Cheers :)
     
  4. jftuga

    jftuga Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    64
    Location:
    Athens, GA
    I am not a professional AV examiner, but it looks like a virus to me. The payload is in another file that is downloaded. The virus tries to make a connection to the Internet and/or use FTP. It also inserts itself into the registry so that it will start when the computer is booted, possibly called ShareSearcher or SSearcher. Another thing it does is run a "net view" command and save it to the c:\nv directory. One other thing it does is to install a file, wsusupd.exe, in the c:\ directory with the hidden file attribute.

    -John
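
A read-only host check for the artifacts listed in the post above, as an added example that is not part of the original thread or any poster's code. The value names and paths come from that post; looking in the standard Run keys is an assumption, since the post does not say where in the registry the entry was written.

```powershell
# Read-only triage for the artifacts named in the post above (added example).
# Assumption: the autorun entry lives in a standard Run key; the post does not say which.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$suspectNames  = @('ShareSearcher', 'SSearcher')   # names given in the post
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-SuspectRunValue {
    param([string[]]$Keys, [string[]]$Names)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = (Get-ItemProperty -LiteralPath $key).PSObject.Properties
        foreach ($p in $props) {
            if ($providerProps -contains $p.Name) { continue }   # skip provider metadata
            $data = [string]$p.Value
            # Match the value name or its data against the names from the post,
            # and the data against the dropped file name.
            $hit = $Names | Where-Object { $p.Name -like "*$_*" -or $data -like "*$_*" }
            if ($hit -or $data -like '*wsusupd.exe*') {
                [pscustomobject]@{ Indicator = 'Autorun value'; Location = $key; Detail = "$($p.Name) = $data" }
            }
        }
    }
}

function Get-SuspectFile {
    # -Force is needed because the post says wsusupd.exe has the hidden attribute.
    $exe = Get-Item -LiteralPath 'C:\wsusupd.exe' -Force -ErrorAction SilentlyContinue
    if ($exe) {
        $hidden = [bool]($exe.Attributes -band [IO.FileAttributes]::Hidden)
        [pscustomobject]@{ Indicator = 'Dropped file'; Location = $exe.FullName
                           Detail = "Hidden=$hidden; LastWrite=$($exe.LastWriteTime)" }
    }
    # The post is not explicit on whether c:\nv is a folder or a file; Get-Item covers both.
    $nv = Get-Item -LiteralPath 'C:\nv' -Force -ErrorAction SilentlyContinue
    if ($nv) {
        [pscustomobject]@{ Indicator = 'net view output'; Location = $nv.FullName
                           Detail = "IsDirectory=$($nv.PSIsContainer); Created=$($nv.CreationTime)" }
    }
}

$findings = @(Get-SuspectRunValue -Keys $runKeys -Names $suspectNames) + @(Get-SuspectFile)
if ($findings.Count) { $findings | Format-List } else { 'None of the indicators from the post were found.' }
```

A clean result only means these particular names are absent; the thread notes the served content was being changed, so a later payload may use different ones.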
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    They're enjoying themselves changing it at will and now it's Google...at the moment
     
  6. quartermile

    quartermile Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    2
    interesting .. and I don't even know how I got it, have only been to the usual websites
     