SWF/Sorlus.64F6!exploit - Released Jul 22, 2009 - Last Updated Jul 23, 2009

Alias/es

Exploit/CVE-2009-1862, Trojan.Exploit.Pidef!IK, SWF.FlashExploit.D, Exploit.SWF.Agent.bt

Detection Availability

Active Database    Extended Database
FortiGate
low
high
FortiClient
FortiMail N/A

CVE

2009-1862

Visible Symptoms

  • The following file may exist:
    • %Windows%\ime\wmimachine2.dll: detected as W32/Bublik.LLD!tr.

    Detailed Analysis


    SWF/Sorlus.64F6!exploit is the detection name for a malicious SWF file that attempts to exploit a vulnerability in Adobe Flash Player (CVE-2009-1862), as described in the Security Bulletin APSA09-03. The first SWF files in circulation have been observed to download and install a Win32 trojan, which is detected as W32/Bublik.A!tr.

    Visit the following links for more information about the vulnerability:

    Recommended Action

      FortiGate Systems

    • In the web interface for your FortiGate unit, check the main screen to confirm that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.

      FortiClient Systems

    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Reference: ID - 950943