
Exploits get Visual

Created: 03 Nov 2006 08:00:00 GMT • Updated: 23 Jan 2014 18:55:36 GMT
Shunichi Imano

On October 31st, Microsoft released a Security Advisory entitled "Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution". At this time, a vendor-supplied patch has not been released against the vulnerability. It allows a remote file to be downloaded and executed whenever a vulnerable user visits a malicious Web site. We have confirmed that it is being actively exploited in the wild.

To proactively detect the exploitation of this vulnerability, Symantec Security Response released Bloodhound.Exploit.95 on November 1. Since then, we have received a steady number of Bloodhound.Exploit.95 submissions. The submitted files are generally .html files from malicious Web sites, which use the vulnerability to download further malware, most of which have turned out to be Trojan.Galapoper.A variants. Trojan.Galapoper.A is a Trojan that downloads and executes remote files, which are generally other malware. Other downloaded files have turned out to be general Infostealers.

Once again this demonstrates the need to practice safe computing until a vendor-supplied patch is made available. And think twice before visiting a suspicious Web site – you may get more than you bargained for.