JS/Bepexp
First posted on 20 March 2012.
Source: Microsoft
Aliases:
There are no other names known for JS/Bepexp.
Explanation:
JS/Bepexp is a family of JavaScript malware that loads multiple exploits in an attempt to compromise the host system when a user browses webpages containing the script. Various software vulnerabilities may be targeted, depending on the target system configuration.
Installation
This heavily obfuscated malicious JavaScript may be encountered when visiting compromised or intentionally modified web pages that contain the script. An affected user may be redirected to the landing page by spammed messages containing links or by other compromised websites.
Payload
Downloads arbitrary files
JS/Bepexp attempts to execute code that exploits vulnerabilities with the following CVE Identifiers:
- CVE-2010-0188 - Unspecified vulnerability in Adobe Reader and Adobe Acrobat (multiple versions)
- CVE-2010-0840 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE and Java for Business (multiple versions)
- CVE-2010-0886 - Unspecified vulnerability in the Java Deployment Toolkit (JDTK) component in Oracle Java SE and Java for Business (multiple versions)
- CVE-2010-3552 - Unspecified vulnerability in the New Java Plug-in component in Java SE and Java for Business 6 Update 21
- CVE-2010-4452 - Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business (multiple versions)
- CVE-2011-0611 - Vulnerability in Adobe Flash Player, Adobe AIR, "Authplay.dll" component in Adobe Reader, Adobe Acrobat (multiple versions and operating systems)
If the affected computer is successfully compromised by the triggered exploit(s), additional malware may be downloaded and executed. The following malware families were observed to be downloaded by JS/Bepexp:
- Win32/Sirefef
- Win32/FakeSysdef
- Win32/Cutwail
Analysis by Shawn Wang
Last update 20 March 2012