This is an update for an earlier blog entry. The web page
containing the exploit code will be detected as JS_DLOADER.BXR
while the downloaded component will be detected as WORM_SPYBOT.DC.
You may read on JS_DLOADER.BXR description by following the link
provided below:
As for customers who use Internet Explorer, disabling the Active
Scripting is suggested as a work around by Microsoft. More details
can be found in the following link:
Another suggestion is to use another internet browser, Mozilla
Firefox or Netscape can do. It’s your choice what browser you want
to use.
Update(Obet, 26 March 2006 13:41:53)
For better detection on this 0-day IE exploit Trend Micro is
currently developing a generic pattern but a Beta version has been
released as EXPL_TXTRANGE.A and EXPL_TXTRANGE.B using CPR version
3.286.06. Trend Micro is still in the process of improving the
pattern for the final release as EXPL_TXTRANGE.GEN for this
exploit. More updates to come. To download the CPR you can click
here
