Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    Earlier today, Senior Threat Researcher Joseph Reyes spotted several malicious script files that exploited Mozilla Firefox and Microsoft Internet Explorer vulnerabilities:

    • JS_DIREKTSHO.B exploits a vulnerability in Microsoft Video Streaming ActiveX control to download other possibly malicious files.
    • JS_FOXFIR.A accesses a website to download JS_SHELLCODE.BV. In turn JS_SHELLCODE.BV exploits a vulnerability in Firefox 3.5 to download WORM_KILLAV.AKN.
    • JS_SHELLCODE.BU exploits a vulnerability in Microsoft OWC to download JS_SHELLCODE.BV.

    Initial analysis done by Threat Analyst Jessa De La Torre shows that the scripts above may be unknowingly downloaded through either Firefox or Internet Explorer.

    According to Mozilla, a Firefox user reported suffering from a crash that developers determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, the just-in-time (JIT) compiler could get into a corrupt state. This could then be exploited by an attacker to run arbitrary code. However, this vulnerability does not affect earlier versions of Firefox, which do not support the JIT feature.

    Firefox 3.5 users can avoid this vulnerability by disabling the JIT compiler as described in the Mozilla Security Blog. This workaround is, however, unnecessary for Firefox 3.5.1 users.

    On the other hand, the vulnerability in Microsoft Video ActiveX Control allows remote code execution if a user views a specially crafted web page with Internet Explorer, executing the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

    Microsoft is aware of attacks attempting to exploit the said vulnerabilities and advises its customers to prevent the OWC from running either manually or automatically using the solution found in Microsoft Knowledge Base Article 973472.

    Trend Micro advises users to refer to the following pages to download updates/patches for the vulnerabilities the aforementioned script files exploit:

    Trend Micro advises users to download the latest scan engine to protect themselves against the above-mentioned exploits.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice