McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• JS/Stealus.gen

Characteristics

This detection covers HTML documents (such as web pages and HTML formatted email messages) that contain malicious JavaScript, which exploit an Internet Explorer vulnerability resulting in Internet Explorer displaying one location in the Address bar, but actually loading the content from a different site.  Such URL spoofing can result in attackers creating forged versions of legitimate sites in order to steal account information, personal information, etc.

Symptoms

There are no obvious symptoms of this exploit.  Files detected as JS/Stealus are benign themselves.  No system changes or damage occurs from accessing an JS/Stealus file.  However, following an exploited hyperlink within a detected file can result in users being tricked to divulge personal information, install malicious software, etc.

Method of Infection

Email spam is the most likely delivery method of such malicious html pages, to lure users into updating account information.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• JS/Stealus.gen

Characteristics

Characteristics -

This detection covers HTML documents (such as web pages and HTML formatted email messages) that contain malicious JavaScript, which exploit an Internet Explorer vulnerability resulting in Internet Explorer displaying one location in the Address bar, but actually loading the content from a different site.  Such URL spoofing can result in attackers creating forged versions of legitimate sites in order to steal account information, personal information, etc.

Symptoms

Symptoms -

There are no obvious symptoms of this exploit.  Files detected as JS/Stealus are benign themselves.  No system changes or damage occurs from accessing an JS/Stealus file.  However, following an exploited hyperlink within a detected file can result in users being tricked to divulge personal information, install malicious software, etc.

Method of Infection

Method of Infection -

Email spam is the most likely delivery method of such malicious html pages, to lure users into updating account information.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants -

N/A