User talk:VirusCaution



Indications of Infection

* Unexpected network connections to the mentioned site(s). * CD/DVD tray opening unexpectedly.oh marco.

Risk Assessment - Home Users: 	HIGH - Corporate Users: HIGH Date Discovered: 	12/9/2008 Date Added: 	12/9/2008 Origin: 	N/A Length: 	Varies Type: 	Trojan SubType: 	Exploit DAT Required: 	5459 Virus Family Statistics (over the past 30 days) Virus Name 	Infected Files 	Scanned Files 	% Infected Computers JS/Exploit-XMLhttp 	0 	0 	0.00 JS/Exploit-XMLhttp.a 	1 	48,148 	0.00 JS/Exploit-XMLhttp.b 	5 	71,876 	0.00 JV/Exploit-XMLhttp 	0 	0 	0.00 Virus Characteristics

Exploit-XMLhttp.d is a generic detection for an unidentified buffer overflow vulnerability targeting Internet Explorer 7.x. Older DATs may detect this threat as Exploit-XMLhttp.c or JS/Exploit-BO.gen.

Active exploits were found to be downloading and installing the Downloader-AZN trojan onto vulnerable target machines from the following site(s):

* http://www{blocked}yyy.cn/{blocked}.exe

This variant of Downloader-AZN is already proactively detected in the 5404 DATs since October 13th, 2008. Older DATs may already detect it as New Malware.n when program heuristics are enabled since 2005.

Method of Infection This exploit causes a buffer overflow using an unidentified vulnerability targeting Internet Explorer 7.x.

Removal Instructions There is no remedy for infection at this time, check the official mcafee.com website for updates