Nexpose Vulnerability Database
Download.Ject - IIS Malware (aka JS.Scob.Trojan)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| Critical (9) | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Mar 7, 2006 | Mar 7, 2006 | Jan 28, 2011 |
Description:
Download.Ject (aka JS.Scob.Trojan) is malware written in JavaScript that affects Microsoft IIS servers. It is believed that the malware is first installed on IIS servers by exploiting old, unpatched IIS vulnerabilities. Download.Ject then uses the footer feature of IIS to append a JavaScript file to the end of every file served by IIS. This JavaScript file subsequently attempts to exploit various Internet Explorer vulnerabilities to install backdoors and trojans from a remote web site.
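Because the footer is appended to every file the server returns, it shows up as an identical script-bearing suffix across unrelated responses and as markup after the closing `</html>` tag. The following check is an added example, not part of Nexpose or of Microsoft's guidance; the paths, response bodies and placeholder footer are constructed sample data, and the function names are hypothetical.

```python
import re

SCRIPT_RE = re.compile(rb"<script\b", re.IGNORECASE)
HTML_END_RE = re.compile(rb"</html\s*>", re.IGNORECASE)

# Constructed sample data: a harmless placeholder stands in for the appended script.
FOOTER = b'<script src="/placeholder-footer.js"></script>\n'
SAMPLE_CLEAN = {
    "/index.html": b"<html><body>Home</body></html>\n",
    "/about.html": b"<html><body>About</body></html>\n",
    "/site.css": b"body { margin: 0 }\n",
}
SAMPLE_INFECTED = {path: body + FOOTER for path, body in SAMPLE_CLEAN.items()}


def common_suffix(bodies):
    """Return the longest byte string that ends every body."""
    if not bodies:
        return b""
    shortest = min(bodies, key=len)
    n = 0
    while n < len(shortest) and all(b[-1 - n] == shortest[-1 - n] for b in bodies):
        n += 1
    return shortest[len(shortest) - n:]


def text_after_html(body):
    """Return the bytes after the last </html> tag, or None if there is none."""
    matches = list(HTML_END_RE.finditer(body))
    return body[matches[-1].end():] if matches else None


def audit(responses):
    """Check a {path: body} sample of served files for an appended script footer."""
    suffix = common_suffix(list(responses.values()))
    # Signal 1: every sampled response, whatever its type, ends with the same script.
    shared = suffix if len(responses) >= 2 and SCRIPT_RE.search(suffix) else None
    # Signal 2: an HTML document carries a script after its closing tag.
    after_html = [
        path for path, body in responses.items()
        if SCRIPT_RE.search(text_after_html(body) or b"")
    ]
    return {"shared_script_suffix": shared, "script_after_html": after_html}


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("infected", SAMPLE_INFECTED)):
        print(name, audit(sample))
```

Include non-HTML files such as stylesheets in the sample: pages built from one template can legitimately end with the same script inside `</body>`, whereas a script suffix shared with a CSS file cannot come from a page template.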
References:
- MSKB: http://support.microsoft.com/default.aspx?scid=kb;EN-US;871277
- URL: http://securityresponse.symantec.com/avcenter/venc/data/js.scob.trojan.html
Solution:
Remove and Recover from Download.Ject
Follow Microsoft's instructions to remove Download.Ject from infected servers: http://support.microsoft.com/kb/871277. Additional information can be found on this page: http://www.microsoft.com/security/incident/download_ject.mspx.
Information on these pages is summary information extracted from the Nexpose Vulnerability Assessment system. Full details are provided within the Nexpose product for licensed users.

