NEWS FROM THE LAB - Wednesday, February 18, 2009

Exploit Shield Protects Against New IE7 Vulnerability Posted by Patrik @ 06:04 GMT

As Sean predicted a week ago, we now have exploit code in-the-wild for MS09-002, a vulnerability in Internet Explorer 7. The exploit downloads a file named jc.exe from a server in China.

Exploit:W32/JSShell.A is our detection name for the exploit and the downloaded file is Trojan-Dropper:W32/Agent.JLA. The file jc.exe drops a backdoor detected as Backdoor:W32/Agent.JLA.

It was great to see that F-Secure Exploit Shield proactively protected against the exploit without the need for a shield update. Below is a screenshot of the exploit being blocked with heuristics.

Exploit Shield blocks MS09-002

If you haven't installed the Exploit Shield update already, do so now.

Updated to add: You should also of course install February's Microsoft Updates if you haven't already done so…

Our Vulnerability Description for IE7 provides links to each of the individual updates should you need to install them manually.