Endpoint Protection

 View Only

  • 1.  what does this exploit do? What's it attack?

    Posted Apr 21, 2010 08:06 AM

    10.252.24.104    		 Bloodhound.Exploit.292
    Antivirus - Heuristic    		 1 04/20/2010 14:41:40 IVRS-SEP1
    VRDSMSEP2
    My Company\Client Computers\Desktop    		 Quarantined
    Auto-Protect scan    		 C:\Documents and Settings\bam\Local Settings\Temporary Internet Files\Content.IE5\TFKR0NBV\java[1].htm


    What is this - what does it do, or what was it SUPPOSED to do before Symantec interrupted it?
    It comes in as JAVA.HTM
    It's found as bloodhound.exploit.292  but that's pretty meaningless to me. I'd like to know what it was supposed to do or attack.

    Only a small handful detect it on virustotal, Symantec, Sophos, Avast, GData (finds it as Jaderun-A) and Kaspersky so not a really big list that "detect" this.
    Just wondering what it was supposed to do should it have run undetected........... 


  • 2.  RE: what does this exploit do? What's it attack?
    Best Answer

    Posted Apr 21, 2010 08:15 AM

    Bloodhound.Exploit.292

    http://www.symantec.com/security_response/writeup.jsp?docid=2010-041418-2428-99


  • 3.  RE: what does this exploit do? What's it attack?

    Posted Apr 21, 2010 08:23 AM
    Ah, for some reason, I didn't find it.
    OK, so it's pretty "new" as far as detection, but probably pretty benign (won't really do anything) on most systems as how many have the things that this is attempting to attack.
    I did submit it just because........... maybe they can see variations on a theme or some specifics out there that way.
    Thanks.