
Exp/20124792-B

Posted: January 8, 2013

Threat Metric

Ranking: 6,504
Threat Level: 2/10
Infected PCs: 4,640
First Seen: January 8, 2013
Last Seen: October 9, 2023
OS(es) Affected: Windows

Exp/20124792-B is the detection name for web pages that host a zero-day exploit against Internet Explorer. The exploit makes the browser use an object that has already been deleted or was never allocated properly (a use-after-free condition), which lets the attacker execute arbitrary code in the browser's context, typically to install malware on the visitor's computer. Exp/20124792-B has been found on two compromised websites in the wild and, at the time of writing, there is no patch for the underlying IE vulnerability. For the time being, SpywareRemove.com malware researchers suggest that you avoid untrusted or potentially dangerous websites and keep anti-malware software on hand to block vulnerability-exploiting attacks like Exp/20124792-B.

Exp/20124792-B: the Web Page that Chooses Your PC's Software for You

Exp/20124792-B and other PC threats related to Internet Explorer's CVE-2012-4792 vulnerability have so far been found on two separate sites that appear to have been hacked and forced to host the attack. These sites, which SpywareRemove.com malware analysts have confirmed as an Iranian oil company's page and a news site for the Uyghurs of East Turkestan, still display all of their usual (harmless) content, but have also been modified to include the triggers for the IE attack.

These 'trigger' HTML pages are what the Exp/20124792-B label denotes. Internet Explorer versions 6 through 8 are vulnerable to the corresponding flaw; Internet Explorer 9 and 10 are not affected, and neither are other browsers. As is standard for drive-by-download attacks, there are no visual symptoms when the exploit runs, and you may be unable to detect it at all without anti-malware protection.

The exact structure of the attack varies: Exp/20124792-B has been seen alongside both malicious JavaScript content and malicious Flash content, which is typical of IE exploit chains, where such supporting content prepares the browser's memory so that the corrupted object reliably hands control to attacker code. If the exploit succeeds on a vulnerable copy of Internet Explorer, it installs malware such as Troj/Agent-ZMC, compromising the security and privacy of the PC.

Keeping Your Computer Armored Against Exp/20124792-B

Like all zero-day exploits, Exp/20124792-B cannot be stopped by patching until the vendor ships a fix; Microsoft is expected to release a security update in a reasonable time frame. (Microsoft's advisory for the flaw offered a temporary Fix It workaround and EMET as interim mitigations, and the vulnerability was subsequently addressed in the cumulative Internet Explorer security update MS13-008, so any system that still runs an unpatched IE 6 through 8 should be updated before anything else.) Until your copy of IE is patched, SpywareRemove.com malware experts strongly encourage the use of anti-malware software with web-protection features. Other common-sense measures, such as avoiding sites with a history of serving malware and disabling exploitable features (such as Flash or Java) when they're unnecessary, should also be used regularly.

One of Exp/20124792-B's eventual payloads, Troj/Agent-ZMC, has been verified to protect itself by disguising itself as a Windows component and by modifying your file-viewing settings (the Windows settings that govern which files Explorer shows). Outside of a thorough scan by appropriate anti-malware software, you should not expect to be able to detect payloads related to Exp/20124792-B, and you should be willing to rely on anti-malware products to detect or delete them.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files have been associated with the threat (the pages, scripts and Flash content that make up the attack):

File name: deployJava.js
File type: JavaScript file
Mime Type: unknown/js
Group: Malware file

File name: Helps.html
Mime Type: unknown/html
Group: Malware file

File name: news.html
Mime Type: unknown/html
Group: Malware file

File name: xsainfo.jpg
Mime Type: unknown/jpg
Group: Malware file

File name: today.swf
Mime Type: unknown/swf
Group: Malware file

File name: exploit.html
Mime Type: unknown/html
Group: Malware file

Additional Information

The following URLs were detected:
sweetaccess.ru
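The file names above and the domain below are the only indicators the page gives, and the attack description notes that the trigger page is followed by supporting JavaScript and Flash content. The following script, an added example rather than code from the original page or from any vendor, turns those indicators into a detection over web-proxy logs. It assumes a simple constructed log format ("time client method url status"), constructed client addresses and hosts (news.example.org, downloads.example.com), and that all three listed HTML files act as trigger pages (the page does not say which is the landing page). A lone request for deployJava.js is not flagged, because that is also the name of Oracle's legitimate Java-detection script; a stage file only counts when the same client fetched a trigger page from the same host shortly before.

```python
"""Flag the Exp/20124792-B (CVE-2012-4792) exploit chain in web-proxy logs.

Added example for this page; not code from the original page, from Sophos or
from any other vendor. The log format, client addresses and the hosts
news.example.org / downloads.example.com are constructed for the demo. The
artefact names and the domain sweetaccess.ru are the indicators listed under
Technical Details and Additional Information.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# HTML pages the page labels as Exp/20124792-B (assumed: all act as triggers).
TRIGGER_PAGES = {"news.html", "exploit.html", "helps.html"}
# Supporting JavaScript/Flash content and the remaining listed file.
STAGE_FILES = {"deployjava.js", "today.swf", "xsainfo.jpg"}
KNOWN_BAD_HOSTS = {"sweetaccess.ru"}
# A stage file counts only if the same client fetched a trigger page from the
# same host within this window beforehand.
WINDOW = timedelta(minutes=5)

# Constructed log format: "<ISO-8601 time> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, _method, url, _status = m.groups()
    parts = urlsplit(url)
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "host": (parts.hostname or "").lower(),
        "file": parts.path.rsplit("/", 1)[-1].lower(),
        "url": url,
    }


def scan(lines):
    """Return (client, reason, url) findings for the exploit chain and bad host."""
    findings = []
    # client -> host -> time of the most recent trigger-page request
    last_trigger = defaultdict(dict)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["host"] in KNOWN_BAD_HOSTS:
            findings.append((rec["client"], "request to listed malicious host", rec["url"]))
        if rec["file"] in TRIGGER_PAGES:
            last_trigger[rec["client"]][rec["host"]] = rec["ts"]
        elif rec["file"] in STAGE_FILES:
            seen = last_trigger[rec["client"]].get(rec["host"])
            if seen is not None and rec["ts"] - seen <= WINDOW:
                findings.append((rec["client"],
                                 "trigger page followed by " + rec["file"],
                                 rec["url"]))
    return findings


def flagged_clients(lines):
    """Sorted list of client addresses with at least one finding."""
    return sorted({client for client, _reason, _url in scan(lines)})


# Constructed sample: one victim hit by the full chain, one innocent client
# loading a stand-alone deployJava.js, one client contacting the listed domain.
SAMPLE_LOG = """\
2013-01-07T09:14:02 10.0.0.5 GET http://news.example.org/index.html 200
2013-01-07T09:14:03 10.0.0.5 GET http://news.example.org/news.html 200
2013-01-07T09:14:03 10.0.0.5 GET http://news.example.org/deployJava.js 200
2013-01-07T09:14:04 10.0.0.5 GET http://news.example.org/today.swf 200
2013-01-07T09:14:09 10.0.0.5 GET http://news.example.org/xsainfo.jpg 200
2013-01-07T09:20:11 10.0.0.7 GET http://downloads.example.com/js/deployJava.js 200
2013-01-07T09:31:45 10.0.0.9 GET http://sweetaccess.ru/ 200
"""

if __name__ == "__main__":
    for client, reason, url in scan(SAMPLE_LOG.splitlines()):
        print(client, reason, url)
```

Run against the sample, the script reports three chain findings for 10.0.0.5 and one host finding for 10.0.0.9, and nothing for 10.0.0.7. The same-host-and-window correlation is what keeps the rule useful after the attack domain changes; the host list is the brittle part and should be treated as a supplement, not the primary signal.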