The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

Trend Micro – JS_WINDEXP.A – Malicious JavaScript that uses 0-Day IE vulnerability

Trend Micro now has a listing for a “malicious JavaScript” called JS_WINDEXP.A  that uses the unpatched IE vulnerability outlined in Microsoft Security Advisory (911302).

Technical details are as follows:


This malicious JavaScript is downloaded on an affected system whenever the user accesses the following Web sites:

It takes advantage of the Windows buffer overflow vulnerability in Internet Explorer to remotely execute codes on an affected system. More information on this vulnerability can be found in the following Microsoft Web page:

Furthermore, this JavaScript downloads the indicated malware programs from the following sites:

  • http://afris.{BLOCKED}biz – KEKS.EXE detected by Trend Micro as TROJ_DLOADER.AUS
  • http://afris.{BLOCKED}biz/first – ALL.EXE detected by Trend Micro as TROJ_DELF.OP

This JavaScript runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

This appears to be the same Trojan\virus that is mentioned in a Internet Storm Center post for today, that is described in Microsoft’s new Malicous Software Encyclopeida as TrojanDownloader:Win32/Delf.DH The listing on this site has this malware being first discovered on 11/29/05.


December 1, 2005 - Posted by | Antivirus News, Security News

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: