    Trend Micro has identified new malware samples that exploit the still-unpatched Internet Explorer (IE) vulnerability. These samples have been detected as JS_ELECOM.C and HTML_COMLE.CXC. After exploiting the bug, they attempt to connect to a certain URL to download a file.


    Further analysis by TrendLabs threat experts found that the new scripts are versions of JS_DLOADER.FIS (the only difference being the encryption techniques used), which was widely used in the recent attacks targeting major organizations like Google and Adobe. However, instead of merely targeting such organizations, they are now fully in the wild and hitting ordinary users.

    In line with this, Microsoft announced that it will release an out-of-band security update to fix the issue. Users are highly advised to download the security patch immediately once it is released.

    Trend Micro™ Smart Protection Network™ protects users from this type of attack by preventing the download of all the detected malicious files and by blocking user access to malicious sites.

    Trend Micro OfficeScan™ users with the Intrusion Defense Firewall (IDF) plug-in are also protected from this attack if their systems are updated with the IDF1003879 and IDF1003909 filters.

    Update as of January 21, 2010, 11:00 a.m. (GMT +8:00):

    The official Microsoft security bulletin and patch have been released. Users are strongly advised to apply this patch, either manually or automatically, to protect themselves against this threat.

    Update as of January 21, 2010, 9:58 p.m. (GMT +8:00):

    HTML_COMLE.CXC and another new piece of exploit code, which download other component files before downloading HYDRAQ variants, are now detected as JS_ELECOM.SMA. JS_ELECOM.SMA calls its component file, JS_ELECOM.SMB, which contains obfuscated data variables necessary for JS_ELECOM.SMA's proper execution.











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice