
JS/Bepexp


First posted on 20 March 2012.
Source: Microsoft

Aliases:

There are no other names known for JS/Bepexp.

Explanation:

JS/Bepexp is a family of JavaScript malware that loads multiple exploits in an attempt to compromise the host system when a user browses webpages containing the script. Various software vulnerabilities may be targeted, depending on the target system configuration.





Installation

This heavily obfuscated malicious JavaScript may be encountered when visiting compromised or intentionally modified web pages that contain the script. An affected user may be redirected to the landing page by spammed messages containing links or by other compromised websites.



Payload

Downloads arbitrary files

JS/Bepexp attempts to execute code that exploits vulnerabilities with the following CVE Identifiers:

  • CVE-2010-0188 - Unspecified vulnerability in Adobe Reader and Adobe Acrobat (multiple versions)
  • CVE-2010-0840 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE and Java for Business (multiple versions)
  • CVE-2010-0886 - Unspecified vulnerability in the Java Deployment Toolkit (JDTK) component in Oracle Java SE and Java for Business (multiple versions)
  • CVE-2010-3552 - Unspecified vulnerability in the New Java Plug-in component in Java SE and Java for Business 6 Update 21
  • CVE-2010-4452 - Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business (multiple versions)
  • CVE-2011-0611 - Vulnerability in Adobe Flash Player, Adobe AIR, "Authplay.dll" component in Adobe Reader, Adobe Acrobat (multiple versions and operating systems)


If the affected computer is successfully compromised by the triggered exploit(s), additional malware may be downloaded and executed. The following malware families were observed to be downloaded by JS/Bepexp:

  • Win32/Sirefef
  • Win32/FakeSysdef
  • Win32/Cutwail




Analysis by Shawn Wang

Last update 20 March 2012
