NEWS FROM THE LAB - Thursday, April 8, 2010
 

 
Singer's Exploit Kit version CVE-2010-0806

Posted by Response @ 06:40 GMT

Well, well… looks like someone has been singing along to one of Jay Chow's songs while coding an exploit for a vulnerability in Internet Explorer that was addressed in Microsoft Security Bulletin MS10-018. The exploit, which targets the Peer Object component (iepeers.dll) in IE, has been found in the wild, and today it was detected while attempting to exploit a client browser.

After the shellcode is decoded, it downloads the payload, which is detected as Trojan:W32/KillAV.LD.

The JavaScript used to exploit the vulnerability is shown below:



On closer inspection, you will notice that the variable and function names actually refer to Chinese characters with specific meanings. They are a mix of lyrics from a childhood song and from a song by Jay Chow, a Taiwanese singer.



As usual, exploits like this are blocked by our Browsing Protection, so you can browse with peace of mind.

Response posted by — Jaan Yeh and Chu Kian.