Exploit-IFrame.gen.a

Type: Trojan
SubType: Exploit
Discovery Date: 08/08/2008
Length: varies
Minimum DAT: 5357 (08/08/2008)
Updated DAT: 5357 (08/08/2008)
Minimum Engine: 5.2.00
Description Added: 08/08/2008
Description Modified: 08/15/2008 2:39 PM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

Exploit-IFrame is a generic detection for malicious IFrames embedded on various legitimate websites.

The malicious website rendered within the IFrame attempts to exploit various vulnerabilities, some of which may include:

  • Microsoft Data Access Components (MDAC)
  • Code Execution Vulnerability (JS/Downloader-AUE)
  • Real Player Buffer overflow vulnerability (Exploit-RealPlay.a)
  • Real Player ActiveX control heap corruption vulnerability (Exploit-RealPlay.e)

 

Symptoms

Unexplained download and execution of files when visiting a website.

Method of Infection

This threat could be delivered via an infectious web page or an email message.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

    N/A
