Trojan Win32/Delf.DH
A Trojan downloader, TrojanDownloader:Win32/Delf.DH, has been observed circulating on the Internet and exploiting the "window()" object vulnerability in Microsoft Windows Internet Explorer described in CERT-In Vulnerability Note CIVN-2005-112. This Trojan downloads TrojanDownloader:Win32/Delf.AH to infected computers.
This Trojan downloader is also known by the aliases Downloader.Trojan, Trj/downloader.DCQ and Downloader-ABU.
When a user visits certain malicious websites:
- A file named KVG.exe or keks.exe (detected as TrojanDownloader:Win32/Delf.DH) is automatically downloaded from the Web site to the user startup folder.
<user's Startup folder>\kvg.exe or keks.exe
- This Trojan downloader then downloads and runs another Trojan downloader (detected as TrojanDownloader:Win32/Delf.AH) every five minutes and saves it in the Windows system folder as all.exe.
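An added example, not part of the CERT-In advisory: a Python check for the file names listed above in the Startup folders and the Windows system folder. The directory paths are supplied by the caller (the advisory gives no absolute paths), and the function names are hypothetical.

```python
import os
import tempfile

# File names taken from the advisory; matched case-insensitively because the
# advisory writes both "KVG.exe" and "kvg.exe".
STARTUP_NAMES = {"kvg.exe", "keks.exe"}   # TrojanDownloader:Win32/Delf.DH
SYSTEM_NAMES = {"all.exe"}                # TrojanDownloader:Win32/Delf.AH


def scan_dir(directory, names, label):
    """Return (label, path, size) for regular files in `directory` whose
    lower-cased name is in `names`. Missing directories yield no hits."""
    hits = []
    try:
        entries = list(os.scandir(directory))
    except OSError:
        return hits
    for entry in entries:
        if entry.is_file(follow_symlinks=False) and entry.name.lower() in names:
            size = entry.stat(follow_symlinks=False).st_size
            hits.append((label, entry.path, size))
    return hits


def find_delf_artifacts(startup_dirs, system_dir):
    """Check every supplied Startup folder and the Windows system folder."""
    hits = []
    for d in startup_dirs:
        hits += scan_dir(d, STARTUP_NAMES, "Delf.DH (startup)")
    hits += scan_dir(system_dir, SYSTEM_NAMES, "Delf.AH (system)")
    return hits


def demo():
    """Constructed sample tree (empty placeholder files, not real samples)."""
    with tempfile.TemporaryDirectory() as root:
        startup = os.path.join(root, "Startup")
        system = os.path.join(root, "system32")
        os.makedirs(startup)
        os.makedirs(system)
        for path in (os.path.join(startup, "KVG.exe"),
                     os.path.join(startup, "notes.txt"),
                     os.path.join(system, "all.exe")):
            open(path, "w").close()
        found = find_delf_artifacts([startup], system)
        return [(label, os.path.basename(p)) for label, p, _ in found]


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A file-name match is only a lead, since a name such as all.exe is generic; confirm any hit with updated antivirus software before treating the machine as infected.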
Since the patch for this vulnerability is yet to be released by the vendor, certain workarounds have been suggested by Microsoft in advisory 911302.
Since this Trojan is circulating in the wild, users are advised to disable active scripting, update their antivirus software and exercise caution while visiting untrusted websites.
Microsoft has released patches for this vulnerability on December 13, 2005. This security issue is described in detail in CERT-In vulnerability notes CIVN-2005-112 and CIVN-2005-116.
For further details regarding the window() vulnerability in IE and disinfection from the Trojan Win32/Delf.DH, refer to the following URLs:
References
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91 11-24368572
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
