StartPage trojan

Discussion in 'malware problems & news' started by Paul Wilders, May 22, 2003.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    [Johannesburg, 22 May 2003] - International data security software developer Kaspersky Labs reports that a new Trojan program, StartPage, is exploiting an Internet Explorer vulnerability for which there is no patch.

    Kaspersky Labs says StartPage is the first malware to infect computers via the "Exploit.SelfExecHtml" vulnerability in the Internet Explorer security system.

    The company warns that if a patch is not released soon, other viruses could exploit the vulnerability, resulting in what the company calls “a long-lasting, large-scale epidemic that could surpass even the Klez epidemic”.

    In a warning issued today, Kaspersky Labs says StartPage is sent to victim addresses directly from the author and does not have an automatic send function. The first mass mailing to several hundred thousand addresses was registered in Russia on 20 May.

    The StartPage program is a Zip-archive that contains an HTML file. Upon opening the HTML file, an embedded JavaScript is launched that exploits the "Exploit.SelfExecHtml" Internet Explorer security system vulnerability and clandestinely executes an embedded EXE file carrying the Trojan program.

    Eugene Kaspersky, head of anti-virus research at Kaspersky Labs, says that while the program is not particularly dangerous, it sets a precedent by using a vulnerability for which there is not yet a patch.

    “It essentially means users are defenceless in the face of this and other potentially more dangerous threats choosing to exploit the same vulnerability,” he says.


    regards.

    paul
     
  2. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello,

    I think it can only affect IE prior to v5.5.

    Rgds,

    PS: I wonder whether DSOStop2 doesn't prevent it.
     