JS/Anogre
First posted on 18 July 2014.
Source: Microsoft
Aliases:
There are no other names known for JS/Anogre.
Explanation:
Threat behavior
JS/Anogre is a detection for the JavaScript components of the "SweetOrange" exploit kit. This exploit kit can exploit vulnerabilities in Java, Adobe Flash Player and Microsoft True Type font.
The threat checks for the following vulnerabilities:
- Java Runtime Environment (JRE)
  CVE-2013-0422 - affecting Java Development Kit and Java Runtime Environment 7 Update 10 and earlier. We detect this as Exploit:Java/Anogre.A.
- Adobe Flash Player
  CVE-2014-0497 - affecting Adobe Flash Player 12.0.0.43 and earlier versions for Windows. We detect this as Exploit:SWF/CVE-2014-0497.
  CVE-2014-0515 - affecting Adobe Flash Player 13.0.0.182 and earlier versions for Windows. We detect this as Exploit:SWF/Anogre.A.
- Microsoft True Type Font
  JS/Anogre checks for a vulnerability in the Win32 TrueType font parsing engine in the Microsoft Windows component Win32k.sys. This vulnerability is explained in Microsoft Security Advisory 2639658. We detect this as Exploit:Win64/Anogre.gen!A, Exploit:Win32/Anogre.gen!A, Exploit:Win32/Anogre.A and Exploit:Win32/CVE-2011-3402.
This list of software vulnerabilities exploited by JS/Anogre is not exhaustive.
If JS/Anogre's exploit attempt succeeds, it then attempts to download more malware onto your PC.
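The affected-version ranges listed above can be turned into an inventory check. The following is an added example, not part of the original Microsoft entry: it flags software versions that fall inside the Java and Flash ranges named on this page, comparing versions numerically rather than as strings. The inventory rows, host names and function names are constructed for illustration, and the sketch assumes Windows hosts and evaluates only the Java 7 family for CVE-2013-0422.

```python
import re

# Highest affected version per CVE, copied from the entry above.
FLASH_THRESHOLDS = {
    "CVE-2014-0497": (12, 0, 0, 43),
    "CVE-2014-0515": (13, 0, 0, 182),
}
JAVA7_MAX_AFFECTED_UPDATE = 10  # CVE-2013-0422: Java 7 Update 10 and earlier

def parse_flash(version):
    """'13.0.0.182' -> (13, 0, 0, 182); numeric tuples avoid string-compare errors."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Flash version: {version!r}")
    return tuple(int(p) for p in parts)

def parse_java(version):
    """Accept '1.7.0_10', '1.7.0' or '7u10'; return (major, update)."""
    v = version.strip()
    m = re.fullmatch(r"1\.(\d+)\.0(?:_(\d+))?", v) or re.fullmatch(r"(\d+)u(\d+)", v)
    if not m:
        raise ValueError(f"unrecognised Java version: {version!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def exposed_cves(product, version):
    """Return the CVEs from this entry whose affected range includes `version`."""
    if product == "flash":
        v = parse_flash(version)
        return sorted(c for c, top in FLASH_THRESHOLDS.items() if v <= top)
    if product == "java":
        major, update = parse_java(version)
        # Assumption: only the Java 7 family is evaluated; other majors report nothing.
        hit = major == 7 and update <= JAVA7_MAX_AFFECTED_UPDATE
        return ["CVE-2013-0422"] if hit else []
    raise ValueError(f"unknown product: {product!r}")

# Constructed inventory rows (host, product, version); not real data.
INVENTORY = [
    ("ws-01", "flash", "12.0.0.5"),   # a plain string compare would sort this above 12.0.0.43
    ("ws-02", "flash", "13.0.0.182"),
    ("ws-03", "flash", "14.0.0.145"),
    ("ws-04", "java", "1.7.0_10"),
    ("ws-05", "java", "7u51"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(host, product, version, exposed_cves(product, version) or "not in listed ranges")
```

A version outside these ranges is not cleared by this check, since the list of vulnerabilities above is not exhaustive.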
Analysis by Methusela Cebrian Ferrer
Symptoms
Alerts from your security software may be the only symptom.
Last update 18 July 2014