Hi malware fighters,
This attack could pose a serious security threat and may damage your computer.
This signature detects a remote code execution vulnerability in the Microsoft Internet Explorer.
Microsoft Internet Explorer is a browser for the Windows operating system.
Internet Explorer is prone to a remote code-execution vulnerability. The issue occurs because an invalid pointer may attempt to access an object after it has been deleted. This may cause memory to become corrupted. This issue affects the ‘iepeers.dll’ library.
Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions.
Affected
* Microsoft Internet Explorer 6.0, 7.0 The issue has not been patched as far as known now..
Where? Status of site is dangerous:
There is also this: wXw.sejib.com.com/ ???
Drive-By Downloads
Threats: 5
Threat Name: HTTP IE Attribute Handler Code Exec
Location: htxp://www.sejib.com/tupian/mingxingjiqing/
Threat Name: HTTP IE Attribute Handler Code Exec
Location: htxp://www.sejib.com/tupian/qingchunweimei/
Threat Name: HTTP IE Attribute Handler Code Exec
Location: htxp://www.sejib.com/xiaoshuo/qiangjianxilie/
Threat Name: HTTP IE Attribute Handler Code Exec
Location: htxp://www.sejib.com/xiaoshuo/xingaijiqiao/
Threat Name: Direct link to HTTP IE Attribute Handler Code Exec
Location: htx://www.sejib.com/
And a virus here:
Threat Name: W32.Wapomi
Location: htxp://www.sejib.com/%CE%D2%BA%CD%D0%A1%BD%E3%BF%AA%B7%BF%B9%FD%B3%CC.av.exe
See: htxp://jsunpack.jeek.org/dec/go?report=cb0539ace521cd698efd0768d1774a95ec5c1874
Also a suspicious link now here: bo.27rb.com suspicious - displaying 1 of 1
* <A> 日韩影院 - htxp://bo.27rb.com
http://www.google.com/safebrowsing/diagnostic?site=bo.27rb.com
Then there is this suspicious link:
src=htxp://z.link88.be/zclick.js> But is says Server:[error]!
polonus