Troj/20121889-B

Troj/20121889-B Description



Troj/20121889-B is a Trojan that comes armed with a detection for samples that try to exploit a vulnerability in Microsoft XML Core Services which could allow Remote Code Execution (CVE-2012-1889). Troj/20121889-B detection has been recently reported on the website of the European medical company that was exploiting the CVE-2012-1889 vulnerability. A few files have been inserted into the compromised website. The file named ‘deploy.html’ includes the vulnerability and loads ‘deployJava.js’, a JavaScript library that determines information about the visiting browser program. The file ‘deploy.html’ also tries to execute the file named ‘movie.swf’ with the intriguing parameters ‘[?apple='. In the end, 'deploy.html' loads an iframe to 'faq.htm'. Troj/20121889-B protects against the 'deploy.html' and 'faq.htm files'.
Download SpyHunter Spyware Scanner

Troj/20121889-B Automatic Detection Tool (Recommended)


Is your PC infected with Troj/20121889-B? To safely & quickly detect Troj/20121889-B, we highly recommend you run the malware scanner listed below.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 faq.htm 14
Posted: June 20, 2012 | By
Share:
Follow Me on Pinterest More More
Threat Level: 9/10
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Rate this article:
Detection Count: 225
Home Malware ProgramsTrojans Troj/20121889-B

Leave a Reply

What is 8 + 13 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)