Your PC might get infected by this threat by clicking on a link in an email, or simply by visiting either hacked or malicious websites.
Payload (dependent on what plugins are vulnerable)
HTML/Fiexp reads the User-Agent information to identify your browser, operating system, and operating system version. It checks whether the platform token in the User-Agent is Windows NT 6 or a later version. Based on this information, it checks what vulnerable plugins you have installed on your PC.
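As an added example (not part of the original write-up), a defender can run the same platform-token test over proxy logs to list the clients that fall inside the population this check selects, and prioritize them for plugin patching. The tab-separated log layout, the addresses and the User-Agent strings are constructed for illustration.

```python
import re

# Platform token sent by Windows browsers, e.g. "Windows NT 6.1".
PLATFORM = re.compile(r"Windows NT (\d+)\.(\d+)")
# Internet Explorer: "MSIE 9.0" through IE 10, "Trident/7.0; rv:11.0" for IE 11.
IE = re.compile(r"MSIE (\d+)\.|Trident/.*?rv:(\d+)\.")

def platform_version(user_agent):
    """Return (major, minor) from the Windows NT token, or None if absent."""
    m = PLATFORM.search(user_agent)
    return (int(m.group(1)), int(m.group(2))) if m else None

def ie_major(user_agent):
    """Return the Internet Explorer major version, or None for other browsers."""
    m = IE.search(user_agent)
    return int(m.group(1) or m.group(2)) if m else None

def in_scope(user_agent):
    """True when the platform token is Windows NT 6 or later."""
    version = platform_version(user_agent)
    return version is not None and version[0] >= 6

def triage(log_lines):
    """Map client IP -> {'nt': (major, minor), 'ie': major or None} for in-scope clients."""
    hosts = {}
    for line in log_lines:
        ip, _, ua = line.rstrip("\n").partition("\t")
        if ua and in_scope(ua):
            hosts[ip] = {"nt": platform_version(ua), "ie": ie_major(ua)}
    return hosts

# Constructed sample: "<client_ip>\t<User-Agent>" (assumed log layout).
SAMPLE_LOG = [
    "10.0.0.5\tMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
    "10.0.0.6\tMozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
    "10.0.0.7\tMozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
    "10.0.0.8\tMozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0",
    "10.0.0.9\tMozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0",
]

if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_LOG).items()):
        print(ip, info)
```

The User-Agent is supplied by the client, so treat the result as a triage hint and confirm installed plugin versions from software inventory.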
For Internet Explorer users, Fiexp often checks if Silverlight is installed and enabled. It then checks if you have one of these versions installed:
These versions are vulnerable to the flaw described in CVE-2013-0074. We detect the exploit as Exploit:MSIL/CVE-2013-0074.
Microsoft Internet Explorer
Fiexp also checks if your Internet Explorer is vulnerable to the flaws discussed in CVE-2013-2551 and CVE-2014-0322. We detect these exploits as Exploit:JS/CVE-2013-2551 and Exploit:JS/CVE-2014-0322. If your version of Internet Explorer is vulnerable, it passes on iframe data so that Internet Explorer loads data that triggers the vulnerability.
Java Runtime Environment (JRE)
Fiexp checks if you have Java installed, and if so, it checks if it is vulnerable to the flaws discussed in:
Exploits for these vulnerabilities are detected as the following, respectively:
If your version of Java is vulnerable, it passes on iframe data to load a Java applet that triggers the vulnerability.
Adobe Flash Player
Fiexp checks if your Adobe Flash Player version is any of these versions:
These versions are vulnerable to a flaw discussed in CVE-2013-0634. We detect the exploit as Exploit:SWF/CVE-2013-0634.
JS/Fiexp variants might also target more recent vulnerabilities, including:
We detect these as Exploit:SWF/CVE-2014-8439 and Exploit:SWF/CVE-2014-0497.
Adobe Acrobat Reader
Fiexp checks if your version of Adobe Acrobat Reader is vulnerable to the exploit discussed in CVE-2011-2104. We detect the exploit as Exploit:Win32/Pidief.
If your PC is vulnerable to any of these flaws, and Fiexp successfully exploits them, it might download more malware onto your PC. We've observed these malware families on the same PC as Fiexp and the exploits:
You might also see detections for crafted exploit files, including:
Please note this list is not exhaustive.
Analysis by Methusela Cebrian Ferrer