Home / malware Trojan.Exploit.ANOX
First posted on 21 November 2011.
Source: BitDefenderAliases :
Trojan.Exploit.ANOX is also known as Trojan-Downloader.VBS.Agent.qo;, JS/Objsnapt.A;, VBS:SanpshotView-A, [Expl].
Explanation :
This malware is written in Javascript and exploits a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access(snapview.ocx). The payload will be the download of a file from the following link http://www.oiutr.net/new/[removed].css (detected by Bitdefender as Rootkit.Agent.AIWN). The file will be saved to the following path [c or d or e]:/Program Files/Outlook EXpress/WAB.EXE.
You can find more information about this vulnerability here CVE-2008-2463.Last update 21 November 2011