Class
Exploit
Platform
HTML

Parent class: Malware

Malicious tools are malicious programs designed to automatically create viruses, worms, or Trojans, conduct DoS attacks on remote servers, hack other computers, etc. Unlike viruses, worms, and Trojans, malware in this subclass does not present a direct threat to the computer it runs on, and the program’s malicious payload is only delivered on the direct order of the user.

Read more

Class: Exploit

Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes. Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user. Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.

Read more

Platform: HTML

Hypertext Markup Language (HTML) is the standard markup language for documents interpreted by web browsers. Markup of most web pages and web applications is written in HTML or XHTML.

Description

Technical Details

ObjData is an exploit often seen in spam mailings.

ObjData attempts to use the Object Type Vulnerability and Two vulnerabilities that could allow an attacker to cause arbitrary code to run on the user's system in MS Windows described in the following Security Bulletins:

These vulnerabilities are critical since they allow for the execution of random malicious code when users visit specially constructed HTML pages.

A sample of code from the end of the file:

Decryption of above:

http://www.fatbonuscasino.com/page.php

Once users connect to this site a chain of Trojans hits:

  • Trojandropper.VBS.Zerolin which extracts TrojanDropper.Win32.Small.ei from itself and executes it.
  • Small.ei in turn extracts two more Trojans from itself: TrojanNotifier.Win32.Small.d and TrojanProxy.Win32.Daemonize.j.

Other

If a Kaspersky antivirus product identified this malicious code on your system between 18:00 and 22:00 Moscow time [GMT+3] on 1 November 2004, it is possible that this was a false alarm. We recommend that you update your product and scan again to make sure.

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.