Overview |
Vendor Notes: |
From the doc: 'Loads a hta into start up of eng NT, apon reboot it downloads and runs a trojan (after a fifteen minute pause, in case they are dial up). This can be a bo2k trojan. It is all silent. AKA JS.Trojan.Freq.F... What this does, in a nutshell - it uploads a hex'd version of the Thing server v1.6, reconstructs it into an executable, runs it... then, on next reboot deletes all of the files in the startup folder before they are run a second time. It is exploitable by email, webpage, or newspost. There has been a patch released for the script lib... but, because Microsoft does not advertise these things and people do not update their systems ('what the hell is script lib?', 'do I have to reboot, no way!', they say)... you will find a very large number of systems 'at risk'.' |
Category: |
Exploit: A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service.
|
Similar Pests: |
Exploit |
Origins |
Author: |
Exxtreme, |
By This Author: |
Annihilate 98 · Annihilate NT · Destroyer 98 · Destroyer NT · F You Avp · God Message · Godmessage · Trojan Runner 98 |
Date of Origin: |
September, 2001 |
Operation |
Detection and Removal |
Automatic Removal: |
 PestPatrol detects this.
PestPatrol removes this.
|
Research |
More Info: |
AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo! |
Research By: |
PestPatrol's Pest Research Center |
Last Revised: |
July 16, 2004 |