It is used to silently install malicious software onto the website visitor's system.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
This exploit targets Internet Explorer 7 in and works on the Windows XP and Windows Server 2003 operating systems.
Note: It appears that this exploit may also work on Vista SP0 and SP1.
The exploit can be recognized as shown in the picture below:
If the exploit successfully executes, it will download a malicious file from the following URL address:
We detect the downloaded file as Trojan:W32/Agent.IHN.
Please see the following report for additional information on the vulnerability used:
Note: To be clear, scripts used by this particular exploit target IE7 while the vulnerability itself affects all versions of IE.
Attempts to connect with HTTP to: