Exp/20121889-A

Posted: June 20, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	9/10
Infected PCs:	63

First Seen:	June 20, 2012
OS(es) Affected:	Windows

Exp/20121889-A is one detection label for an as-of-yet-unpatched exploit that allows arbitrary script to run on websites that viewed with Internet Explorer. Although this exploit can be used for various attacks, expected consequences focus on drive-by-downloads or drive-by installations that install malicious software on the relevant PC. While Microsoft hasn't yet issued a security patch to close the Exp/20121889-A exploit or its associated exploit Sus/20121889-A, PC security companies have been scrambling to update their protection against this latest form of online attack. As long as you keep your security software updated and available to detect live attacks, your computer should be safe from Exp/20121889-A, which may be used to install virtually any type of harmful software – including rogue AV scanners, browser hijackers, Trojans or worms.

Exp/20121889-A: the Real Price of Using a Popular Web Browser

Exp/20121889-A is a form of web page-hosted content that's designed strictly for Internet Explorer; other web browsers can be considered safe from Exp/20121889-A and related exploits (such as Sus/20121889-A and Troj/20121889-B). Exp/20121889-A attacks use the unpatched CVE-2012-1889 exploit to attack vulnerable computers by running unauthorized code. Once Exp/20121889-A is launched, Exp/20121889-A can execute malicious code with all the rights of its current user. Typically, this is used to install a PC threat on the computer in question, although it may also be exploited for other purposes. Since the only thing you need to do to warrant an Exp/20121889-A attack is to visit an Exp/20121889-A-hosting web page with IE, Exp/20121889-A attacks can easily result in severe infections without visible symptoms. At this time, Internet Explorer is incapable of protecting against this attack, although various anti-malware brands are striving to make up for this deficiency until such a time as Microsoft can issue a security patch. At least one website has already been confirmed to host Exp/20121889-A: a hacked medical company site.

Since Exp/20121889-A and closely-related PC threats have only had protection available since mid-June of 2012, you should make updating your anti-malware software a high priority, especially if their databases are older than the above date. Alternately, using other web browsers can also provide an adequate defense against Exp/20121889-A, which is based on a Microsoft Core Services vulnerability that isn't applicable to non-IE brands of browsers.

How to Tell If Your PC is Up for Grabs by Exp/20121889-A

Exp/20121889-A and related vulnerabilities may target various versions of Windows:

Windows 7
Windows Server 2008
Windows XP
Windows Server 2003
Windows Vista

As a high-level PC threat that's almost certain to be used for distributing various types of hostile software, Exp/20121889-A poses a high risk to any computer that's attacked by Exp/20121889-A. SpywareRemove.com malware researchers encourage you to scan your PC immediately after any suspected contact with Exp/20121889-A, since a successful attack is strongly indicative of the presence of additional PC threats on your hard drive.

Exp/20121889-A

Threat Metric

Exp/20121889-A: the Real Price of Using a Popular Web Browser

How to Tell If Your PC is Up for Grabs by Exp/20121889-A

Leave a Reply