    10:20 am (UTC-7)   |    by

    US singer Omarion’s "Ice Box" feels apt given the discovery of a new version of the IcePack toolkit hosted on http://{BLOCKED}.{BLOCKED}.72.200, which also hosts a malicious JavaScript. The script, detected by Trend Micro as JS_MULEX.C, can determine the browser type and Windows operating system version of an affected system, which lets it choose which vulnerability to exploit on that system.

    Speaking of vulnerabilities, JS_MULEX.C can exploit a host of vulnerabilities in various applications and programs. It exploits the following vulnerabilities:

    • Vector Markup Language vulnerability in Internet Explorer
    • WebViewFolderIcon ActiveX integer overflow in Windows
    • Windows Media Player Plug-in with Non-Microsoft Internet browsers vulnerability
    • JavaScript navigator Object vulnerability in Firefox
    • DXMedia SDK 6 ActiveX remote code execution vulnerability
    • Yahoo! Messenger webcam ActiveX remote buffer overflow vulnerability
    • Yahoo! Widgets getcomponentversion() remote overflow vulnerability
    • Remote code execution vulnerability in Microsoft Management Console
    • Remote code execution vulnerability in Microsoft Data Access Components (MDAC)

    The aforementioned vulnerabilities are discussed in detail (some also contain patches for the said vulnerabilities) in the following URLs:


    Once JS_MULEX.C determines which vulnerabilities can be used on a system, it exploits the applicable vulnerability to download the file EXE.PHP onto the affected system. This file is detected by Trend Micro as TSPY_AGENT.AAWC.
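The two stages described above (a script fetch followed by a download of a file named like a PHP page that is really an executable) can be hunted for in web proxy logs. The following is an added detection example, not Trend Micro's code: the log format, the `.example` hostnames, the executable content types and the 60-second correlation window are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Content types a proxy might record for a Windows executable (assumed values).
EXE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
WINDOW = 60  # max seconds between script fetch and payload fetch (assumed)

# Constructed sample log: epoch client url content_type first_bytes_hex
SAMPLE_LOG = """\
1000 10.0.0.5 http://kit.example/index.js application/javascript 766172
1004 10.0.0.5 http://kit.example/EXE.PHP application/octet-stream 4d5a9000
1010 10.0.0.6 http://shop.example/cart.php text/html 3c68746d
1020 10.0.0.7 http://kit.example/exe.php text/html 4d5a9000
2000 10.0.0.8 http://cdn.example/app.js application/javascript 766172
2500 10.0.0.8 http://cdn.example/get.php application/octet-stream 4d5a5000
"""

def parse(line):
    """Split one constructed log line into normalized fields."""
    ts, client, url, ctype, magic = line.split()
    parts = urlsplit(url)
    return int(ts), client, parts.hostname, parts.path.lower(), ctype.lower(), magic.lower()

def find_script_then_exe(log_text, window=WINDOW):
    """Return (client, host, path, correlated) for .php responses carrying an executable.

    correlated is True when the same client fetched a .js file from the same
    host at most `window` seconds earlier, matching the script-then-payload order.
    """
    last_js = {}  # (client, host) -> time of the most recent .js fetch
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path, ctype, magic = parse(line)
        if path.endswith(".js"):
            last_js[(client, host)] = ts
            continue
        if not path.endswith(".php"):
            continue
        # The MZ magic bytes are the stronger signal: the server picks the
        # Content-Type header, so it can claim text/html for an executable.
        if magic.startswith("4d5a") or ctype in EXE_TYPES:
            seen = last_js.get((client, host))
            hits.append((client, host, path, seen is not None and ts - seen <= window))
    return hits
```

Hits with `correlated` set to `True` are the ones to triage first; uncorrelated hits still show an executable served under a `.php` name and deserve a look.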

    Aside from keeping your patterns updated, Trend Micro strongly recommends applying regular updates to programs and applications.

    Thanks to Ryan Flores, Paul Ferguson, Rainer Link, and Roger Thompson of Exploit Prevention Labs for providing information.
