About: Worm:Win32/Exploit-SWFRedirector.b

Description
Metadata
Settings
- owl:sameAs
- Inference Rule:

About: Worm:Win32/Exploit-SWFRedirector.b Sponge Permalink

An Entity of Type : owl:Thing, within Data Space : dbkwik.webdatacommons.org associated with source dataset(s)

A swf based attack was found targetting Live Journal (livejournal.com). This attack which employs the use of Action Scripts, attempts to collect username, email addr and "last post" related information. The SWF file is embedded as a part of a post. Any user that reads and infected post would be vulnerable to loss of private information and may have their post appended with the malicious SWF file. In this way the worm retrieves user information while spreading. Network activity to the followings domains are related to this attack:

Attributes	Values
rdfs:label	Worm:Win32/Exploit-SWFRedirector.b
rdfs:comment	A swf based attack was found targetting Live Journal (livejournal.com). This attack which employs the use of Action Scripts, attempts to collect username, email addr and "last post" related information. The SWF file is embedded as a part of a post. Any user that reads and infected post would be vulnerable to loss of private information and may have their post appended with the malicious SWF file. In this way the worm retrieves user information while spreading. Network activity to the followings domains are related to this attack:
dcterms:subject	Win32 Worm Win32 worm Exploit worm
dbkwik:malware/pro...iPageUsesTemplate	dbkwik:resource/HovNODxkCDeUNKY2k5WKBg== dbkwik:resource/YKgLOQg-jjW-_izFLEkC4Q== dbkwik:resource/JZK7RwE-9uTp7P-hk7qJrA==
abstract	A swf based attack was found targetting Live Journal (livejournal.com). This attack which employs the use of Action Scripts, attempts to collect username, email addr and "last post" related information. The SWF file is embedded as a part of a post. Any user that reads and infected post would be vulnerable to loss of private information and may have their post appended with the malicious SWF file. In this way the worm retrieves user information while spreading. Network activity to the followings domains are related to this attack: * simplecdn.net * bit.ly * cancelar.biz * fpv-guru.hu * lucidguild.net Exploit-SWFRedirector.b is a detection for SWF related exploits. They may cover a broad range of detections that may encompass Action Scripts written with malicious intent, such as those that may cause redirection to websites which may host exploits.

OpenLink Virtuoso version 07.20.3217, on Linux (x86_64-pc-linux-gnu), Standard Edition
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2012 OpenLink Software