Re: Got injected web script while browsing any website (what's the virus?)

"Sunry" wrote:



loads:


which will attempt to download and run "info.jpg.exe".

main.js also loads:


which looks like a malformed FlvPlayerUrl (Flash video?) exploit using
a buffer overflow to inject code. It's not obvious what the code does.

main.js also loads:


which is an animated cursor exploit to download and run "info.exe".
This file is identical to "info.jpg.exe".


It's nasty malware incorporating rootkit techniques. It will hide or
protect its files. The downloader (info.exe or info.jpg.exe) performs
the following actions:

* creates <windows>\system32\drivers\uuid.sys
* calls ZwSetSystemInformation to load uuid.sys into kernel space
* deletes uuid.sys
* downloads and runs "ads.1234214.info/tk/web.jpg", another executable
  as <user>\Local Settings\Temp\update.exe
* deletes the original downloader.

I haven't analysed what update.exe (web.jpg) does but it's detected by
Bitdefender as Win32.Almanahe.E. A quick inspection of the binary
shows it to be similar to what they describe here in the 'D' variant:
http://www.bitdefender.com/VIRUS-1000219-en--Win32.Almanahe.D.html


You'd better check what other sites your network is connecting to.


Malicious Javascript taking advantage of unpatched vulnerabilities in
Windows and other components. You need to increase your browser and
system security, and certainly should not allow ActiveX controls and
plugins to run on untrusted sites such as these.
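As an added example, not part of the original post or thread: a small behavioural matcher that turns the dropper chain described above (a double-extension executable dropped by the browser, uuid.sys written under system32\drivers and deleted right after it is loaded via ZwSetSystemInformation, an outbound fetch from ads.1234214.info, update.exe landing in Local Settings\Temp, and the downloader removing itself) into checks over endpoint telemetry. The Sysmon-style "key=value" line format, the field names and the sample events are assumptions constructed for this example; only the host name and file names come from the post.

```python
"""
Added example, not from the original post: a behavioural matcher over
constructed Sysmon-style event lines modelled on the chain described in
the thread. Log format, field names and sample events are assumptions.
"""
import re
from datetime import datetime, timedelta

# Distribution host named in the thread.
KNOWN_BAD_HOSTS = {"ads.1234214.info"}

# An "image" extension immediately followed by an executable one, e.g. info.jpg.exe
DOUBLE_EXT = re.compile(r"\.(jpe?g|gif|png|bmp|txt|pdf)\.(exe|scr|com|pif)$", re.I)
DRIVER_PATH = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.I)
TEMP_EXE = re.compile(r"\\Local Settings\\Temp\\[^\\]+\.exe$", re.I)

# key=value pairs; values may contain spaces, so stop only before the next "key="
FIELD = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Constructed sample telemetry reproducing the sequence the post describes.
SAMPLE_LOG = r"""
2007-05-20T10:01:02 type=FileCreate image=C:\Program Files\Internet Explorer\iexplore.exe path=C:\Documents and Settings\user\Local Settings\Temp\info.jpg.exe
2007-05-20T10:01:03 type=ProcessCreate image=C:\Documents and Settings\user\Local Settings\Temp\info.jpg.exe parent=C:\Program Files\Internet Explorer\iexplore.exe
2007-05-20T10:01:04 type=FileCreate image=C:\Documents and Settings\user\Local Settings\Temp\info.jpg.exe path=C:\WINDOWS\system32\drivers\uuid.sys
2007-05-20T10:01:05 type=FileDelete image=C:\Documents and Settings\user\Local Settings\Temp\info.jpg.exe path=C:\WINDOWS\system32\drivers\uuid.sys
2007-05-20T10:01:06 type=NetworkConnect image=C:\Documents and Settings\user\Local Settings\Temp\info.jpg.exe host=ads.1234214.info
2007-05-20T10:01:08 type=FileCreate image=C:\Documents and Settings\user\Local Settings\Temp\info.jpg.exe path=C:\Documents and Settings\user\Local Settings\Temp\update.exe
2007-05-20T10:01:09 type=FileDelete image=C:\Documents and Settings\user\Local Settings\Temp\update.exe path=C:\Documents and Settings\user\Local Settings\Temp\info.jpg.exe
2007-05-20T11:30:00 type=FileCreate image=C:\WINDOWS\system32\svchost.exe path=C:\WINDOWS\system32\drivers\legit.sys
"""


def parse(line):
    """Turn one 'ISO-timestamp key=value ...' line into a dict."""
    ts, _, rest = line.strip().partition(" ")
    ev = dict(FIELD.findall(rest))
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def double_extension_drops(events):
    """Files written whose name hides an executable behind an image extension."""
    return [e["path"] for e in events
            if e["type"] == "FileCreate" and DOUBLE_EXT.search(e["path"])]


def transient_drivers(events, window=timedelta(seconds=60)):
    """Drivers written under system32\\drivers and deleted within `window`.
    This is the write / load / delete sequence from the post: the file is
    gone from disk while the driver image stays resident in the kernel."""
    created, hits = {}, []
    for e in events:
        path = e.get("path", "")
        if not DRIVER_PATH.search(path):
            continue
        key = path.lower()
        if e["type"] == "FileCreate":
            created[key] = e["ts"]
        elif (e["type"] == "FileDelete" and key in created
              and e["ts"] - created[key] <= window):
            hits.append(path)
    return hits


def known_host_connections(events):
    """Outbound connections to the distribution host named in the thread."""
    return [(e["image"], e["host"]) for e in events
            if e["type"] == "NetworkConnect"
            and e.get("host", "").lower() in KNOWN_BAD_HOSTS]


def temp_executables(events):
    """Executables dropped into a user's Local Settings\\Temp directory."""
    return [e["path"] for e in events
            if e["type"] == "FileCreate" and TEMP_EXE.search(e["path"])]


def self_cleanup(events):
    """Executables that ran and were then deleted (the downloader removing itself)."""
    ran = {e["image"].lower() for e in events if e["type"] == "ProcessCreate"}
    return [e["path"] for e in events
            if e["type"] == "FileDelete" and e["path"].lower() in ran]


def analyze(log_text):
    """Run every check over a log and return the findings plus a crude score
    (number of distinct behaviours observed)."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    findings = {
        "double_extension": double_extension_drops(events),
        "transient_drivers": transient_drivers(events),
        "known_hosts": known_host_connections(events),
        "temp_executables": temp_executables(events),
        "self_cleanup": self_cleanup(events),
    }
    findings["score"] = sum(1 for v in findings.values() if v)
    return findings


if __name__ == "__main__":
    for name, value in analyze(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

The point of scoring behaviours rather than matching file names alone is that uuid.sys, info.exe and update.exe are trivially renamed in the next wave of the campaign, while a driver that is created and deleted within seconds, an executable with a .jpg.exe name, and a Temp executable that erases itself after running are the parts of the chain that survive a rename.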