The Java/Bizex.A is used for downloading and executing two windows binaries and informing server where user_bx.html was downloaded whether operation was successful including users browser and user agent version information. The USER_BX.HTML file downloads and tries to execute Java trojan downloader nocheat.jar (detected as Java/Bizex.A). The MEINE.SCM file is downloaded from the same site and the USER_BX.HTML file is downloaded from a different website. The HTML page concerned tries to autoexecute these 2 files: meine.scm This exploit allows automatic execution of target files when Internet Explorer web browser is used.
When a recipient clicks on a link, he/she is redirected to a website that has an HTML page with IFrame exploit. Bizex worm spreads by sending an HTTP link to all ICQ contacts of an infected user.
0 kommentar(er)
