The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

Trend Micro – JS_ONLOADXPLT.B – Uses MS05-054 Exploit

JS_ONLOADXPLT.B – Description and solution.


This malicious JavaScript contains exploit code that is triggered when a user interacts with the Web page http://www.hyipg{BLOCKED}index.htm. When that page is visited, the malicious JavaScript, which is embedded in the Web page http://www.hyipg{BLOCKED}/image, is executed.

It also executes shellcode that causes the download and execution of the file 1.EXE from the Web page http://www.hyipgold{BLOCKED}.com/image. However, these Web pages are inaccessible as of this writing.

Interaction with these Web pages may allow malicious users to execute code of their choice on the affected system, which may enable them to take virtual control of the system.

This malicious JavaScript takes advantage of the File Download Dialog Box vulnerability in Internet Explorer. However, user interaction is required to fully exploit the vulnerability. For more information on the vulnerability, refer to Microsoft Security Bulletin MS05-054.


December 30, 2005 - Posted by | Antivirus News, Security News
