[Dshield] Continued Sighting of Download.Ject
mj2 at percomp.de
Mon Jun 28 07:55:34 GMT 2004
>Continued Sighting of Download.Ject
>While the majority of the traffic has died down, we are still receiving
>reports of administrators finding log files with indicators of msits.exe
>download. We would like to remind all users that even though the main
>issue is over, the same exploit is continuing to be used by web sites out
>there for malicious purposes. Practically all of the major antivirus
>services have signatures for this exploit, which is also known as
>JS.Scob.Trojan, Scob, and JS.Toofeer.
If I understand correctly what I've read till now, the actual IIS-Exploit that
makes it possible to place JSs is still not clear! MS04-11 only fixes the
known issues, but there seems to be some evidence that there is a 0-day
exploit for something else that was used.
AVs can only detect the trojan horses and IE-exploits!!!