Help Identifying A Trojan Horse

 
 
cjhsa
 
Reply Fri 18 Jul, 2008 07:33 am
Co-worker reports one of his computers was infected through a Flash exploit that in turn launched a Java script that then uses either Quicktime or WMP to download the payload.

Any idea what this might be? Seems pretty sophisticated, not your average teen hacker anyway.

 
cjhsa
 
  1  
Reply Fri 18 Jul, 2008 12:11 pm
Anybody?
0 Replies
 
DrewDad
 
  1  
Reply Fri 18 Jul, 2008 12:20 pm
They've known about the flash exploit for some time. I posted a thread on it back in May.

http://www.able2know.org/forums/viewtopic.php?t=117200

DrewDad wrote:
From a security advisory from one of our vendors:

Quote:
Attackers insert SCRIPT and IFRAME tags into the content of trusted, legitimate web sites via a known SQL injection attack. Those tags redirect the user to the attacker's server which hosts the Flash exploit. Tens of thousands of web sites are vulnerable to the SQL injection attack, meaning the distribution potential is high.

...

The only confirmed vulnerable version is (pre-patch) 9.0.115.0.

...


**** advises clients to verify that all Adobe Flash installations are running version 9.0.124 or later. This version may also be referred to as "9f", "9,0,124,0", "9.0 r124" or similar. However, Adobe Flash does not store version information in the registry. For individual PCs, the version of the currently installed Flash Player can be determined by visiting this Adobe web page:

http://www.adobe.com/products/flash/about/

...

Payloads vary but generally include the installation of downloaders, backdoors, and password stealing spyware Trojans. While detection of the various Trojans is good on average, some remain undetected by major AV engines. None of the major AV engines detected the actual exploit Flash file at the time this advisory was written. Now that samples have been obtained, anti-virus companies are updating their signatures accordingly.


My flash player was at 9.0.115.0. I'm upgrading now.

http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
0 Replies
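Added example, not part of the thread or of the quoted advisory: a small Python check that normalizes the version spellings the advisory lists ("9f", "9,0,124,0", "9.0 r124") and compares them against the 9.0.124 minimum. The host names, the sample inventory and the "WIN " platform prefix are assumptions made for illustration.

```python
import re

# Values taken from the advisory quoted in the thread.
MIN_SAFE = (9, 0, 124, 0)
CONFIRMED_VULNERABLE = (9, 0, 115, 0)
# The only letter alias the advisory gives; other letter releases are not guessed.
ALIASES = {"9f": MIN_SAFE}


def parse_flash_version(text):
    """Return (major, minor, build, revision), or None if unreadable."""
    s = text.strip().lower()
    if s in ALIASES:
        return ALIASES[s]
    # "9.0 r124" style: major.minor followed by r<build>.
    m = re.fullmatch(r"(\d+)[.,](\d+)\s*r(\d+)", s)
    if m:
        return tuple(int(x) for x in m.groups()) + (0,)
    # Dotted or comma-separated, with an optional platform tag in front
    # (assumed input shape, e.g. "WIN 9,0,124,0").
    m = re.fullmatch(r"(?:[a-z]+\s+)?(\d+(?:[.,]\d+){1,3})", s)
    if m:
        parts = [int(x) for x in re.split(r"[.,]", m.group(1))]
        return tuple(parts + [0] * (4 - len(parts)))
    return None


def assess(text):
    """Classify one reported version string against the advisory."""
    v = parse_flash_version(text)
    if v is None:
        return "unparsed"  # an unreadable value is never treated as safe
    if v == CONFIRMED_VULNERABLE:
        return "confirmed-vulnerable"
    return "ok" if v >= MIN_SAFE else "below-minimum"


def audit(inventory):
    """Map each host to its classification."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical host names and reports).
SAMPLE = {"pc-01": "9.0.115.0", "pc-02": "WIN 9,0,124,0", "pc-03": "9.0 r124",
          "pc-04": "9f", "pc-05": "9,0,47,0", "pc-06": "unknown"}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, SAMPLE[host], status)
```

Hosts reported as "unparsed" need a manual check rather than a pass, since the advisory notes the version is not stored in the registry and inventory data may be incomplete.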
 
cjhsa
 
  1  
Reply Fri 18 Jul, 2008 12:24 pm
thx for that
0 Replies
 
 
