Exploit.HTML.ObjData

Class Exploit
Platform HTML
Description

Technical Details

ObjData is an exploit often seen in spam mailings.

ObjData attempts to exploit the "Object Type" vulnerability and two vulnerabilities in MS Windows that could allow an attacker to cause arbitrary code to run on the user's system, described in the following Security Bulletins:

These vulnerabilities are critical because they allow arbitrary malicious code to be executed when users visit specially constructed HTML pages.

A sample of code from the end of the file:

Decryption of above:

http://www.fatbonuscasino.com/page.php

Once users connect to this site, a chain of Trojans is delivered:

  • TrojanDropper.VBS.Zerolin, which extracts TrojanDropper.Win32.Small.ei from itself and executes it.
  • Small.ei, in turn, extracts two more Trojans from itself: TrojanNotifier.Win32.Small.d and TrojanProxy.Win32.Daemonize.j.

Other

If a Kaspersky antivirus product identified this malicious code on your system between 18:00 and 22:00 Moscow time [GMT+3] on 1 November 2004, it is possible that this was a false alarm. We recommend that you update your product and scan again to make sure.