Discovered: April 3, 2004
Updated: April 6, 2004 4:24:33 PM
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
Download.Tagdoor exploits the Microsoft Internet Explorer Object Type Validation Vulnerability (BID 8456) to execute a file on a vulnerable system. When this file is executed, it creates the following file:
C:\Documents and Settings\Administrator\Application Data\Micorsoft\HTML Help\hh.dat
It then deletes the following registry key:
HKEY_LOCAL_MACHINE\Software\Classes\.htm\OpenWithList\Notepad
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine