Home > Threat descriptions >

Offensive

Classification

Category: Malware

Type: -

Aliases: Offensive, Trojan.JS.Offensive

Summary


Offensive is a trojan horse that is able to execute directly via a web page or a HTML formatted email message by using a security vulnerability in Internet Explorer.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


When executed, the trojan creates the following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
 RestrictRun
 NoChangeStartMenu
 NoClose
 NoDrives
 NoDriveTypeAutoRun
 NoFavoritesMenu
 NoFileMenu
 NoFind
 NoFolderOptions
 NoInternetIcon
 NoRecentDocsMenu
 NoLogOff
 NoRun
 NoSetActiveDesktop
 NoSetFolders
 NoSetTaskbar
 NoWindowsUpdate
 Nodesktop
 NoViewContextMenu
 NoNetHooD
 NoEntioeNetwork
 NoWorkgroupContents
 NoSaveSettings

 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
 DisableRegistryTools
 NoConfigPage
 NoDevMgrPage
 NoDispAppearancePage
 NoDispScrSavPage
 NoDispBackgroundPage
 NoDispSettingsPage
 NoFileSysPage
 NoVirtMemPage

 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\
 NoRealMode
 Disabled

 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\
 Window Title
 Start Page

 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
 Window Title
 Start Page

 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\
 LegalNoticeCaption
 LegalNoticeText

 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{C18CB140-0BBB-11D4-8FE8-0088CC102438}\
 ButtonText
 CLSID
 Default Visible
 Exec
 MenuStatusBar
 MenuText

 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
 how to **** japanese

 HKEY_CLASSES_ROOT\Drive\shell\how to **** japan\
 command

 HKEY_LOCAL_MACHINE\Software\CLASSES\
 .exe
 .reg
 .htm
 .html
 .txt
 .inf
 .dll
 .ini
 .sys
 .com
 .bat

 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
 internat.exe;
 ScanRegistry
 TaskMonitor
 SystemTray
 LoadPowerProfile

 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
 LoadPowerProfile
 SchedulingAgent

These changes to the registry render the system to unusable state.

The security vulnerability used by the trojan is known. A fix and further information is available from Microsoft: https://www.microsoft.com/technet/security/bulletin/MS00-075.asp