
Trojan.Exploit.ANOP


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Trojan.Exploit.ANOP is also known as TrojanDownloader:Win32/Small.gen!B, HTML/Silly.Gen and Downloader.Psyme.dh.

Explanation:

This is another campaign that uses a chain of exploits (similar to Trojan.Exploit.SSX) and tries to download and execute other malware on the affected computer, using a different exploit for each of several vulnerable applications.
Here we see the usual technique of taking whichever exploit is available and putting it to work on a website owned by the malware distributors. Some of the exploits found on the website [removed].teseku.info:

- iframes leading to exploits for Flash Player, which try to download another piece of malware (Trojan.Delf.POH);
- an exploit for SSReader targeting a buffer overflow in the "LoadPage" function of an ActiveX control with the CLSID 7F5E27CE-4A5C-11D3-9232-0000B48A05B2. With a specially crafted parameter to that function, arbitrary code can be executed. This exploit downloads the same malware mentioned above.
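The description above gives a defender two concrete things to look for in a captured landing page: an <object> instantiating the SSReader control by the CLSID quoted in the write-up, and a script that calls its LoadPage method, together with the hidden iframes that pull in the other exploits. The scanner below is an added example written for this page, not BitDefender's detection and not code recovered from the campaign. The CLSID and the method name "LoadPage" come from the text; the sample landing page and benign page are constructed, the example.invalid URLs are placeholders, and the hidden-iframe heuristic (display:none, visibility:hidden, or a dimension of at most 1 pixel) is an assumption chosen for the example.

```python
import re
from html.parser import HTMLParser

# CLSID of the SSReader ActiveX control named in the write-up (lower-cased
# here so that comparisons are case-insensitive).
SSREADER_CLSID = "7f5e27ce-4a5c-11d3-9232-0000b48a05b2"

# Constructed sample landing page (not captured from teseku.info): a
# zero-size iframe plus the SSReader control driven by an inline script.
SAMPLE_PAGE = """<html><body>
<iframe src="http://example.invalid/f.htm" width="0" height="0"></iframe>
<object classid="clsid:7F5E27CE-4A5C-11D3-9232-0000B48A05B2" id="ss"></object>
<script type="text/javascript">
var buf = "A";
while (buf.length < 4096) { buf += buf; }
ss.LoadPage(buf);
</script>
</body></html>
"""

# Constructed benign page used to check that the scanner stays quiet.
BENIGN_PAGE = """<html><body>
<iframe src="http://example.invalid/ad.htm" width="300" height="250"></iframe>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
<script>document.title = "hello";</script>
</body></html>
"""


class _Collector(HTMLParser):
    """Gather <object>/<iframe> attributes and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.objects, self.iframes, self.scripts = [], [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        d = {k.lower(): (v or "") for k, v in attrs}
        if tag == "object":
            self.objects.append(d)
        elif tag == "iframe":
            self.iframes.append(d)
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def _is_hidden(attrs):
    """True for iframes styled invisible or sized at most 1x1 pixel (assumed heuristic)."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    dims = []
    for key in ("width", "height"):
        digits = re.sub(r"\D", "", attrs.get(key, ""))
        dims.append(int(digits) if digits else None)
    return any(d is not None and d <= 1 for d in dims)


def scan_html(html):
    """Return a list of finding tags for one HTML document."""
    p = _Collector()
    p.feed(html)
    p.close()
    findings = []

    ssreader = any(
        o.get("classid", "").lower().replace("clsid:", "") == SSREADER_CLSID
        for o in p.objects
    )
    if ssreader:
        findings.append("ssreader_activex_instantiated")

    for f in p.iframes:
        if _is_hidden(f):
            findings.append("hidden_iframe:" + f.get("src", ""))

    # The overflow is triggered through LoadPage; the oversized argument is
    # normally built at run time, so we key on the call itself rather than
    # on the length of a literal.
    loadpage = any(re.search(r"\.LoadPage\s*\(", s) for s in p.scripts)
    if loadpage:
        findings.append("loadpage_call")
    if ssreader and loadpage:
        findings.append("ssreader_loadpage_chain")
    return findings


if __name__ == "__main__":
    print(scan_html(SAMPLE_PAGE))
    print(scan_html(BENIGN_PAGE))
```

The CLSID match on its own only says the control is being loaded, which a legitimate SSReader page would also do; the combined "ssreader_loadpage_chain" finding, especially next to a hidden iframe, is the signal worth alerting on. Pages that instantiate the control via new ActiveXObject with a ProgID rather than a classid attribute are not covered, since the write-up does not give the ProgID.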

Last update 21 November 2011
