Description
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Indication of Infection
There are no obvious signs of infection. AVERT has received field samples that use this exploit to create a registry script file, and merge it into the system registry. This script simply altered the default start page of Internet Explorer.
Methods of Infection
This exploit makes use of a security vulnerability affecting Internet Explorer and certain email clients, such as Outlook and Outlook Express.