
HTML/Sorlus.C920!tr - Released Jul 22, 2009 - Last Updated Jul 23, 2009

Alias/es

Trojan.JS.Agent.ake, JS/Flash.F

Detection Availability

Active Database | Extended Database
FortiGate
low
high
FortiClient
FortiMail N/A

CVE

2009-1862

Visible Symptoms

  • The following file may exist:
    • %Windows%\ime\wmimachine2.dll : detected as W32/Bublik.LLD!tr.

Detailed Analysis


HTML/Sorlus.C920!tr is the detection for an HTML file containing malicious JavaScript that attempts to exploit a vulnerability in Adobe Flash Player, as described in Security Bulletin APSA09-03.

This vulnerability can be triggered by loading a malicious SWF file, which Fortinet detects as SWF/Sorlus.64F6!exploit. When this malicious SWF file is opened on an affected system, it executes shellcode that downloads and runs a trojan, which is slightly obfuscated by a partial XOR operation. The trojan is detected as W32/Bublik.A!tr.


Visit the following links for more information about the vulnerability:


Recommended Action

FortiGate Systems

  • Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.

FortiClient Systems

  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Reference: ID - 950941