Exploit.HTML.Ascii.ae

From Total Malware Info

This Exploit uses Internet Explorer (CVE-2006-3227) in its proceeding. It’s HTML-page (HTML-program). It is unpacked and has size 3616 bytes.

Payload

The malware changes visual configuration of web-pages in Internet Explorer and also bypass content filter, because of the wrong interpretation in 8-bits ASCII symbols. The hidden script downloads the harmful code by using the vulnerability of the buffer overflow in Global Link control:

• http://pic.16.vg/S368/S3682.exe

Downloaded file size is 1436 bytes and detected by Kaspersky Antivirus as Trojan-Downloader.Win32.Tiny.eo.

Removal Instructions

If your computer wasn’t protected by Antivirus and was infected by this malware, you should perform next actions:
1. Delete the downloaded file:
   • S3682.exe
2. For additional information about vulnerability see here:
   • http://www.securityfocus.com/bid/26244
   • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3227
3. Update your antivirus databases and perform a full scan of your computer with Kaspersky Antivirus.