    Earlier today, TrendLabs was alerted to a zero-day exploit in the Microsoft Video streaming ActiveX control MsVidCtl. Around 967 Chinese websites are reported to be infected by a malicious script that takes users through successive site redirections and finally has them download a .JPG file containing the exploit. Trend Micro detects it as JS_DLOADER.BD. Here’s a screenshot of the encrypted exploit code:

    [Screenshot: encrypted exploit code]

    The shellcode of the exploit is XOR encrypted. Below is the screenshot of the decrypted shellcode:

    [Screenshot: decrypted shellcode]
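For analysts triaging a sample like this, the following added example (not code from the original post or from Trend Micro) scans a binary blob for strings hidden with XOR and reports the key, offset and decoded text. It assumes a single-byte XOR key, which the post does not state; the marker list and the sample data are constructed for illustration.

```python
import re

# Plaintext markers often present in downloader shellcode (assumed list).
MARKERS = (b"http://", b"URLDownloadToFile", b"urlmon")

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key."""
    return bytes(b ^ key for b in data)

def find_xor_strings(blob: bytes, markers=MARKERS):
    """Try all 255 non-zero single-byte keys and report marker hits.

    Returns a sorted list of (key, offset, decoded_string) tuples, where
    decoded_string is the printable ASCII run that starts at the marker.
    """
    hits = []
    for key in range(1, 256):
        for marker in markers:
            # Search for the encoded form of the marker, so the whole
            # blob does not have to be decoded once per key.
            needle = xor_bytes(marker, key)
            start = blob.find(needle)
            while start != -1:
                decoded = xor_bytes(blob[start:start + 256], key)
                run = re.match(rb"[\x20-\x7e]+", decoded).group(0)
                hits.append((key, start, run.decode("ascii")))
                start = blob.find(needle, start + 1)
    return sorted(hits)

def build_sample() -> bytes:
    """Constructed sample: filler bytes around a URL XORed with key 0x5A."""
    secret = xor_bytes(b"http://example.invalid/payload.bin\x00", 0x5A)
    return b"\x90" * 16 + secret + b"\xcc" * 16

if __name__ == "__main__":
    for key, offset, text in find_xor_strings(build_sample()):
        print(f"key=0x{key:02x} offset={offset} decoded={text!r}")
```

A hit gives the analyst both the key and a decoded URL that can be fed into blocklists; multi-byte or rolling keys need a different approach.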

    Microsoft has already released a security advisory regarding this vulnerability. More information can be found on the following page:

    Upon successful exploitation, the script downloads another malware detected as WORM_KILLAV.AI. This malware disables and terminates antivirus software processes, and drops other malware on the affected system.

    As of this writing, all of the domains are already blocked by the Smart Protection Network. Furthermore, OfficeScan users with the Intrusion Defense Firewall plug-in installed are protected from this threat if they have updated to the latest filters (IDF09021).











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice