The UNIX and Linux Forums  


Old 05-07-2008
iBot
RSS Robot Girl
 

Join Date: Sep 2000
Posts: 14,303
Troj_realplay.br

This Trojan may be downloaded after a series of redirections triggered by JS_DLDR.AW.
It takes advantage of a known vulnerability in several versions of the media player RealPlayer. The said vulnerability causes a stack overflow and allows the download of possibly malicious files on the affected system.
More information on this vulnerability can be found here.
Before exploiting the above-mentioned vulnerability, this Trojan first checks if the affected machine is running on Windows 2000 or Windows XP with Internet Explorer 6 or 7. It also checks if RealPlayer is installed on the system and what version of the player is installed to determine the first few bytes of shell code that it writes on the affected system.
It uses a certain import function to send the shell code to the installed RealPlayer application, thus triggering the said exploit. Once it successfully exploits the said vulnerability, this Trojan connects to a certain URL to download TROJ_AGENT.AKVP. As a result, the routines of the downloaded Trojan may be exhibited on the system.

