Exploit:JS/Mult.DJ is a detection for an obfuscated JavaScript often distributed through compromised websites. It is designed to exploit multiple known vulnerabilities in the web browser.

JS/Mult describes a group of threats, written in JavaScript, that attempt to exploit multiple vulnerabilities on affected computers in order to download, execute or otherwise run arbitrary code. The malicious JavaScript may be hosted on compromised or malicious websites, embedded in specially crafted PDF files, or could be called by other malicious scripts.

Exploit:JS/Mult.AH is a malicious JavaScript that attempts to execute multiple instances of code to exploit a potentially vulnerable operating system environment. The malware could download arbitrary files and send details about the affected computer to a remote attacker.

Exploit:JS/Mult.CR is a detection for a malicious shellcode that exploits a vulnerability in Internet Explorer (CVE-2010-0806) that could allow remote execution of arbitrary code.

Exploit:JS/Mult.DX is the generic detection for malicious JavaScript code that is found in certain compromised websites. It executes when the user visits the website.

Exploit:JS/Mult.K is detection for a JavaScript trojan that runs multiple vulnerability exploitations in order to download, execute or otherwise run arbitrary code. The malicious JavaScript trojan may be hosted on compromised Web sites.

Exploit:JS/Mult.BN is a generic detection of obfuscated malicious code that may be used to exploit vulnerabilities in different software, in order to download and execute arbitrary files from a remote server.

Exploit:JS/Mult.BF is a detection for malicious shellcode that attempts to exploit certain vulnerabilities in order to download and run arbitrary files. The shellcode is obfuscated.

 

Some files detected as Exploit:JS/Mult.BF may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.BF is loaded, the shellcode is executed in the system.

 

In the wild, this exploit may download a trojan detected as TrojanDropper:Win32/Letrofen.A in systems that do not have the Microsoft Security Bulletin MS09-002 update installed.

Exploit:JS/Mult.L is a detection for code that attempts to exploit particular vulnerabilities in order to download, execute or otherwise run arbitrary files. This malicious code may be hosted on compromised Web sites, and called by other malicious scripts - in the wild, we have observed Exploit:JS/Mult.L being used in this way by Trojan:JS/Iframeinject.A.

Exploit:JS/Mult.AF is a detection for code that exploits a certain vulnerability in Internet Explorer 7 in order to download and run arbitrary files.

 

Files detected as Exploit:JS/Mult.AF may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AF is loaded, the vulnerability in Internet Explorer is exploited.

 

Exploit:JS/Mult.AG is a detection for malicious shellcode that attempts to exploit certain vulnerabilities in order to download and run arbitrary files. The shellcode is obfuscated.

 

Some files detected as Exploit:JS/Mult.AG may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AG is loaded, the shellcode is executed in the system.

 

This is the case for files detected as Exploit:JS/Mult.AG that may be associated with a vulnerability in Internet Explorer as discussed in Microsoft Security Advisory (961051). Users are advised to refer to these resources for more information.

 

Exploit:JS/Mult.AI is a detection for code that exploits a certain vulnerability in Internet Explorer 7 in order to download and run arbitrary files.

 

Files detected as Exploit:JS/Mult.AI may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AI is loaded, the vulnerability in Internet Explorer is exploited.

 

Exploit:JS/Mult.AE is a detection for malicious shellcode that attempts to exploit certain vulnerabilities in order to download and run arbitrary files. The shellcode is obfuscated.

 

Some files detected as Exploit:JS/Mult.AE may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AE is loaded, the shellcode is executed in the system.

 

This is the case for files detected as Exploit:JS/Mult.AE that may be associated with a vulnerability in Internet Explorer as discussed in Microsoft Security Advisory (961051). Users are advised to refer to these resources for more information.

 

Exploit:JS/Mult.BM is a generic detection for malicious HTML files that reference exploit code in malicious and specially crafted QuickTime media files (detected as Exploit:Win32/CVE-2009-1537). The malicious QuickTime media files exploit a vulnerability that could allow remote code execution.

 

If successful exploitation occurs, this exploit may download other malware in the system.

 

Microsoft Security Advisory 971778 discusses in greater detail the vulnerability that is currently exploited.

Exploit:JS/Mult.AD is the detection for code that attempts to exploit particular vulnerabilities to download and execute arbitrary files. This code may be hosted on compromised or malicious Web sites, and called by other malicious scripts. The vulnerabilities may vary according to sample.

 

It is common for this detection to trigger on a user's Internet cache. This may indicate that the user has recently visited a Web site that has attempted to download and execute files on their computer.

Exploit:JS/Mult.BS is the generic detection for obfuscated shellcode embedded in JavaScript that downloads and executes files from a remote server. It is usually embedded in a JavaScript file hosted in a compromised or malicious Web site. When the page containing the JavaScript is accessed, for example if a user visits a compromised site, the JavaScript is executed, triggering the shellcode to run.

Exploit:JS/Mult.CY is a generic detection for the obfuscated shellcode embedded in a JavaScript that attempts to exploit a vulnerability in the Microsoft Video ActiveX Control (CVE-2008-0015), resulting in the potential download and execution of files from a remote server.

Exploit:JS/Mult.DA is a detection for obfuscated scripts using a specific JavaScript packer. Scripts detected as Exploit:JS/Mult.DA attempt to exploit the HTML Object Memory Corruption Vulnerability in Internet Explorer. This vulnerability is discussed in, and mitigated using, the Microsoft Security Bulletin MS10-002.

Exploit:JS/Mult.DK is a detection for malicious JavaScript which attempts to exploit a vulnerability in Adobe Reader via the user's web browser.