Security Response

The Stars See Malicious Code in Your Future

Created: 24 Mar 2008 07:00:00 GMT • Updated: 23 Jan 2014 18:41:40 GMT
Hannah Chen

Recently, we observed some suspicious activity on the Chinese Yahoo astrology site. Upon investigation, we determined that the site in question contained an iframe that was linking to the domain of an astrology-based match-finding company. This page contained an embedded iframe that linked to a malicious site that was exploiting the Real Player ierpplug.dll ActiveX Control Buffer Overflow Vulnerability and the MSIE ADODB.Stream Object File Installation Weakness to download malicious code onto a compromised machine.

We contacted our friends at Yahoo, who subsequently removed all iframe references pointing to that domain. Symantec antivirus products that include Browser Protection, a feature that detects browser-based exploits, automatically blocked access to the site hosting the exploits, thereby preventing infection. The downloaded malicious code samples are detected as Downloader with definitions version 03/22/2008 revision 2 and later.