HTML/Sorlus.C920!tr

Alias/es: Trojan.JS.Agent.ake, JS/Flash.F
Release Date: Jul 22, 2009
Detection Availability (Active Database / Extended Database)
FortiGate: low / high
FortiClient:
FortiMail: N/A
Current Antivirus Definition Database Version: 12.202
CVE: CVE-2009-1862
Description

Visible Symptoms

  • The following file may exist:
    • %Windows%\ime\wmimachine2.dll : detected as W32/Bublik.LLD!tr.

Detailed Analysis

HTML/Sorlus.C920!tr is the detection for an HTML file containing malicious JavaScript that attempts to exploit a vulnerability in Adobe Flash Player, as described in Security Bulletin APSA09-03.

The vulnerability is triggered by loading a malicious SWF file, which Fortinet detects as SWF/Sorlus.64F6!exploit. When this SWF file is opened on an affected system, it executes shellcode that downloads and runs a trojan. The trojan is lightly obfuscated by a partial XOR operation and is detected as W32/Bublik.A!tr.


Visit the following links for more information about the vulnerability:


Description Last Updated Date: Jul 23, 2009
Reference: ID - 950941