[Dshield] Continued Sighting of Download.Ject

Matthias Jaenichen mj2 at percomp.de
Mon Jun 28 07:55:34 GMT 2004

>Continued Sighting of Download.Ject
>While the majority of the traffic has died down, we are still receiving 
>reports of administrators finding log files with indicators of msits.exe 
>download. We would like to remind all users that even though the main 
>issue is over, the same exploit is continuing to be used by web sites out 
>there for malicious purposes. Practically all of the major antivirus 
>services have signatures for this exploit, which is also known as 
>JS.Scob.Trojan, Scob, and JS.Toofeer.

If I understand correctly what I've read till now, the actual IIS-Exploit that 
makes it possible to place JSs is still not clear! MS04-11 only fixes the 
known issues, but there seems to be some evidence that there is a 0-day 
exploit for something else that was used.

AVs can only detect the trojan horses and IE-exploits!!!

