
Exploit:JS/Sykipot.A


Exploit:JS/Sykipot.A is a detection for obfuscated script files that exploit a vulnerability in Internet Explorer. The vulnerability has been resolved with the release of Microsoft Security Update MS10-018.


What to do now

To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Additional recovery instructions

This malware exploits a vulnerability in Microsoft Internet Explorer that has been resolved with Microsoft Security Update MS10-018. Install the security update to prevent this malware from re-infecting your computer.

Threat behavior

Exploit:JS/Sykipot.A is a detection for obfuscated script files that exploit a vulnerability in Internet Explorer. The vulnerability has been resolved with the release of Microsoft Security Update MS10-018.
 
Once Exploit:JS/Sykipot.A successfully exploits the vulnerability, it can execute arbitrary code. The following shellcode detections are observed to be associated with Exploit:JS/Sykipot.A:
 
 
These exploits usually attempt to download and execute arbitrary files from certain domains. Some of the domains they are known to connect to are:
 
  • lagoon.org/nte/
  • gghbtyagthr.com/nte/
  • qjieaicqfir.com/nte/
 
As of this writing, the above domains are not available.
 
Analysis by Francis Allan Tan Seng
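
For defenders who want to check web proxy logs for past requests to the locations listed above, the following is an added example and not part of the original entry. The log line format, client addresses and requested file names are constructed for illustration; only the three host and path pairs come from this page.

```python
from urllib.parse import urlsplit

# Host and path-prefix pairs taken from the domain list in this entry.
INDICATORS = (
    ("lagoon.org", "/nte/"),
    ("gghbtyagthr.com", "/nte/"),
    ("qjieaicqfir.com", "/nte/"),
)

def matches_indicator(url):
    """Return the matched 'host/prefix' indicator for a URL, or None."""
    if "://" not in url:
        url = "http://" + url  # proxy logs often omit the scheme
    parts = urlsplit(url)
    # hostname is already lower-cased and stripped of any port
    host = (parts.hostname or "").rstrip(".")
    path = (parts.path or "/").lower()
    for ind_host, prefix in INDICATORS:
        # Exact host or a subdomain of it, never a bare suffix
        # such as "notlagoon.org".
        host_ok = host == ind_host or host.endswith("." + ind_host)
        if host_ok and path.startswith(prefix):
            return ind_host + prefix
    return None

def scan_proxy_log(lines):
    """Return (client, url, indicator) for each matching log line.

    Assumed line format (constructed for this example):
    '<timestamp> <client-ip> <method> <url> <status>'
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        hit = matches_indicator(fields[3])
        if hit:
            hits.append((fields[1], fields[3], hit))
    return hits

# Constructed sample log lines; not real traffic.
SAMPLE_LOG = [
    "2010-04-22T09:14:03Z 10.0.0.21 GET http://gghbtyagthr.com/nte/a.bin 200",
    "2010-04-22T09:15:40Z 10.0.0.34 GET http://lagoon.org/about.html 200",
    "2010-04-22T09:16:12Z 10.0.0.34 GET http://WWW.Lagoon.org:80/nte/x 404",
    "2010-04-22T09:17:55Z 10.0.0.8 GET http://notlagoon.org/nte/x 200",
    "2010-04-22T09:18:01Z 10.0.0.8 GET qjieaicqfir.com./nte/ 503",
]
```

Matching on the host together with the `/nte/` path prefix avoids flagging unrelated pages on the same host, as the second sample line shows.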

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.81.100.0
Latest detected by definition: 1.93.731.0 and higher
First detected on: Apr 21, 2010
This entry was first published on: May 04, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Exploit.JS.CVE-2010-0806.j (Kaspersky)
  • Exploit.JS.CVE-2010-0806 (Ikarus)
  • JS.Sykipot (Symantec)
  • JS_SYKIPOT.F (Trend Micro)