As Sean predicted a week ago, we now have exploit code in-the-wild for MS09-002, a vulnerability in Internet Explorer 7. The exploit downloads a file named jc.exe from a server in China.
Exploit:W32/JSShell.A is our detection name for the exploit and the downloaded file is Trojan-Dropper:W32/Agent.JLA. The file jc.exe drops a backdoor detected as Backdoor:W32/Agent.JLA.
It was great to see that F-Secure Exploit Shield proactively protected against the exploit without the need for a shield update. Below is a screenshot of the exploit being blocked with heuristics.
If you haven't installed the Exploit Shield update already, do so now.
Updated to add: You should also of course install February's Microsoft Updates if you haven't already done so…
