StartPage trojan

[Johannesburg, 22 May 2003] - International data security software developer Kaspersky Labs reports that a new Trojan program, StartPage, is exploiting an Internet Explorer vulnerability for which there is no patch.

Kaspersky Labs says StartPage is the first malware to infect computers via the "Exploit.SelfExecHtml" vulnerability in the Internet Explorer security system.

The company warns that if a patch is not released soon, other viruses could exploit the vulnerability, resulting in what the company calls “a long-lasting, large-scale epidemic that could surpass even the Klez epidemic”.

In a warning issued today, Kaspersky Labs says StartPage is sent to victim addresses directly from the author and does not have an automatic send function. The first mass mailing to several hundred thousand addresses was registered in Russia on 20 May.

The StartPage program is a Zip-archive that contains an HTML file. Upon opening the HTML file, an embedded Java-script is launched that exploits the "Exploit.SelfExecHtml" Internet Explorer security system vulnerability and clandestinely executes an embedded EXE file carrying the Trojan program.

Eugene Kaspersky, head of anti-virus research at Kaspersky Labs, says that while the program is not particularly dangerous, it sets a precedent by using a vulnerability for which there is not yet a patch.

“It essentially means users are defenceless in the face of this and other potentially more dangerous threats choosing to exploit the same vulnerability,” he says.

regards.

paul