Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:EXP/Flash.1275
Date discovered:27/08/2008
Type:Exploit
In the wild:No
Reported Infections:Low to medium
Distribution Potential:Low
Damage Potential:Low to medium
Static file:No
File size:~1.200 Bytes
IVDF version:7.00.06.81 - Wednesday, August 27, 2008

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: Downloader
   •  Kaspersky: Trojan-Downloader.JS.Iframe.wg
   •  F-Secure: Trojan-Downloader.JS.Iframe.wg
   •  Grisoft: Exploit
   •  Eset: JS/TrojanDownloader.Iframe.NBO trojan


Side effects:
   • Downloads malicious files

 Files It tries to download some files:

– The location is the following:
   • http://max-6.cn/**********/fx.htm
Further investigation pointed out that this file is malware, too. Detected as: HTML/Agent.655


– The location is the following:
   • http://max-6.cn/**********/ms06014.htm
Further investigation pointed out that this file is malware, too. Detected as: HTML/Rce.Gen


– The location is the following:
   • http://max-.cn/**********/GLWORLD.html
Further investigation pointed out that this file is malware, too. Detected as: HTML/Shellcode.Gen


– The location is the following:
   • http://www.hrz**********9.cn/sina.htm
At the time of writing this file was not online for further investigation.

– The location is the following:
   • http://max-6.cn/**********/ss.html
Further investigation pointed out that this file is malware, too. Detected as: EXP/Objsnap.K


– The location is the following:
   • http://max-6.cn/**********/Thunder.html
Further investigation pointed out that this file is malware, too. Detected as: HTML/Shellcode.Gen


– The location is the following:
   • http://max-6.cn/**********/real.htm
Further investigation pointed out that this file is malware, too. Detected as: EXP/RealPlr.CT


– The location is the following:
   • http://max-6.cn/**********/Real.html
Further investigation pointed out that this file is malware, too. Detected as: HTML/Rce.Gen

Description inserted by Thomas Wegele on Monday, October 6, 2008
Description updated by Thomas Wegele on Monday, October 6, 2008

Back . . . .