It is used to silently install malicious software onto the website visitor's system.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
This exploit targets Internet Explorer 7 in and works on the Windows XP and Windows Server 2003 operating systems.
Note: It appears that this exploit may also work on Vista SP0 and SP1.
The exploit can be recognized as shown in the picture below:
If the exploit successfully executes, it will download a malicious file from the following URL address:
We detect the downloaded file as Trojan:W32/Agent.IHN.
Please see the following report for additional information on the vulnerability used:
Note: To be clear, scripts used by this particular exploit target IE7 while the vulnerability itself affects all versions of IE.
Attempts to connect with HTTP to: