It is used to silently install malicious software onto the website visitor's system.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
This exploit targets Internet Explorer 7 in and works on the Windows XP and Windows Server 2003 operating systems.
Note: It appears that this exploit may also work on Vista SP0 and SP1.
The exploit can be recognized as shown in the picture below:
If the exploit successfully executes, it will download a malicious file from the following URL address:
We detect the downloaded file as Trojan:W32/Agent.IHN.
Please see the following report for additional information on the vulnerability used:
Note: To be clear, scripts used by this particular exploit target IE7 while the vulnerability itself affects all versions of IE.
Attempts to connect with HTTP to: