F-Secure
Tools
Exploit:JS/Agent.IHL
Summary
Exploit:JS/Agent.IHL is JavaScript, usually found on malicious or compromised websites.
It is used to silently install malicious software onto the website visitor's system.
It is used to silently install malicious software onto the website visitor's system.
Details
Network Connections
Attempts to connect with HTTP to:
http://www.steoo.com/[...]/win.exe
Additional Details
Exploit
Exploit:JS/Agent.IHL is JavaScript code that exploits a vulnerability found in versions of Microsoft Internet Explorer.
This exploit targets Internet Explorer 7 in and works on the Windows XP and Windows Server 2003 operating systems.
Note: It appears that this exploit may also work on Vista SP0 and SP1.
The exploit can be recognized as shown in the picture below:
If the exploit successfully executes, it will download a malicious file from the following URL address:
We detect the downloaded file as Trojan:W32/Agent.IHN.
Vulnerability
Please see the following report for additional information on the vulnerability used:
Note: To be clear, scripts used by this particular exploit target IE7 while the vulnerability itself affects all versions of IE.
Exploit:JS/Agent.IHL is JavaScript code that exploits a vulnerability found in versions of Microsoft Internet Explorer.
This exploit targets Internet Explorer 7 in and works on the Windows XP and Windows Server 2003 operating systems.
Note: It appears that this exploit may also work on Vista SP0 and SP1.
The exploit can be recognized as shown in the picture below:
If the exploit successfully executes, it will download a malicious file from the following URL address:
- http://www.steoo.com/[...]/win.exe
We detect the downloaded file as Trojan:W32/Agent.IHN.
Vulnerability
Please see the following report for additional information on the vulnerability used:
Note: To be clear, scripts used by this particular exploit target IE7 while the vulnerability itself affects all versions of IE.