JS_EXPLOIT.ADD
Aliases: Exploit:JS/CVE-2013-3893.A (Microsoft), Exploit-CVE2013-3893 (McAfee), Exp/20133893-B (Sophos), HTML/Shellcode.Gen (Antivir), JS/CVE3893.gen (F-Prot), JS:Exploit.CVE-2013-3893.A (Bitdefender), Win32/Exploit.CVE-2013-3893.A trojan (ESET)
Platform: Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan executes when a user accesses certain websites where it is hosted.
It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.
TECHNICAL DETAILS
Arrival Details
This Trojan executes when a user accesses certain websites where it is hosted.
Download Routine
This Trojan connects to the following website(s) to download and execute a malicious file:
- http://{BLOCKED}.61.57/svchost.exe
It saves the files it downloads using the following names:
- %User Temp%\runrun.exe
It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.