On October 31st, Microsoft released a Security Advisory entitled Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution. At this time, a vendor-supplied patch has not been released for the vulnerability. The vulnerability allows a remote file to be downloaded and executed whenever a vulnerable user visits a malicious Web site. We have confirmed that it is being actively exploited in the wild.
To proactively detect the exploitation of this vulnerability, Symantec Security Response released Bloodhound.Exploit.95 on November 1. Since then, we have received a steady number of Bloodhound.Exploit.95 submissions. The submitted files are generally .html files from malicious Web sites, which use the vulnerability to download further malware, most of which have turned out to be Trojan.Galapoper.A variants. Trojan.Galapoper.A is a Trojan that downloads and executes remote files, which are generally other malware. Other downloaded files have turned out to be general Infostealers.