Dec 31 2004 1:58AM
Update your Windows and your antivirus software !
this attack is known as "Trojan.ByteVerify". It exploits the "Internet Explorer/Outlook
CHM File Processing Arbitrary Code Execution Vulnerability (MS04-013)" and
the "Microsoft virtual machine Remote Code execution flaw (MS03-011)".
When Trojan.ByteVerify is executed, it performs the following actions:
Escapes the sandbox restrictions, using Blackbox.class, by doing the following:
Declares a new PermissionDataSet with setFullyTrusted set to TRUE.
Creates a trusted PermissionSet.
Sets permission to PermissionSet by creating its own URLClassLoader class, derived
from the VerifierBug.class.
Loads Beyond.class using the URLClassLoader from Blackbox.class.
Gains unrestricted rights on the local machine by invoking the .assertPermission method
of the PolicyEngine class in Beyond.class.
May attempt to retrieve dialer programs and install them on the infected computer.
The dialer programs may attempt to connect the infected computer to pornographic
Threat Known As :
K-OTik Security Research & Monitoring Team 24/7
Pint-size luxury and funky style
Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.