Friday, December 12, 2008

JS_DLOAD.MD/IE7 0-day Exploit

Details

On December 10, 2008 2:06pm (GMT +8) TrendLabs received a report stating that a zero-day IE7 exploit had been discovered on a Chinese forum. The toolkit was being sold in the Chinese underground community. The exploit method used is a heap spray on SDHTML, and it affects the following platforms:

Internet Explorer 7.0 (7.0.5730.13)

Windows XP / Windows 2003

After successful exploitation, the malware downloads from or redirects to the following URLs: wwwwyyyyy.cn and qqqqttrr.cn

As of December 10, 2008 2:06PM (GMT +8) Microsoft has not released a patch for this vulnerability.


Solution

URL FILTERING:

Domain

cc4y7.cn {BLOCKED}
wwwwyyyyy.cn {BLOCKED}
qqqqttrr.cn {BLOCKED}
www-onlinedown.com {BLOCKED}
hxxp://wieyou.com/iiee/explore.exe {BLOCKED}
hxxp://baidu.bbtu001.com {BLOCKED}
sllwrnm5.cn {BLOCKED}
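To show how the block list above would be applied at a proxy, here is an added example (not part of the original advisory): it parses the advisory's entries, which mix bare domains with defanged hxxp:// URLs, matches hosts by exact name or subdomain so that look-alike names such as a constructed "notcc4y7.cn" are not blocked by accident, and runs the rules over constructed proxy log lines.

```python
import re
from urllib.parse import urlsplit

# Block list transcribed from the advisory's URL FILTERING section.
# Entries are either bare domains or "hxxp://" defanged URLs.
BLOCKLIST = [
    "cc4y7.cn",
    "wwwwyyyyy.cn",
    "qqqqttrr.cn",
    "www-onlinedown.com",
    "hxxp://wieyou.com/iiee/explore.exe",
    "hxxp://baidu.bbtu001.com",
    "sllwrnm5.cn",
]

def parse_entry(entry):
    """Return (host, path) for an entry; path is None for domain-only entries."""
    entry = entry.strip().lower()
    if "://" in entry:
        # Refang hxxp:// so urlsplit treats it as an ordinary URL.
        parts = urlsplit(re.sub(r"^hxxp", "http", entry))
        return parts.hostname, parts.path or None
    return entry, None

RULES = [parse_entry(e) for e in BLOCKLIST]

def is_blocked(url):
    """True if the host is a listed domain or one of its subdomains and,
    where the rule carries a path, the request path matches it too."""
    parts = urlsplit(url.lower())
    host = parts.hostname or ""
    for rule_host, rule_path in RULES:
        # Suffix match on ".rule_host" avoids matching "notcc4y7.cn".
        if host == rule_host or host.endswith("." + rule_host):
            if rule_path is None or parts.path == rule_path:
                return True
    return False

# Constructed proxy log lines (not from the advisory): "<client> <url> <status>".
SAMPLE_LOG = """\
10.0.0.5 http://www.wwwwyyyyy.cn/ 200
10.0.0.7 http://wieyou.com/iiee/explore.exe 200
10.0.0.7 http://wieyou.com/index.html 200
10.0.0.9 http://example.com/ 200
10.0.0.9 http://notcc4y7.cn/ 200
"""

def blocked_requests(log_text):
    """Return (client, url) pairs from the log that the block list would stop."""
    hits = []
    for line in log_text.splitlines():
        client, url, _status = line.split()
        if is_blocked(url):
            hits.append((client, url))
    return hits
```

Note that the advisory lists only the executable's full URL for wieyou.com, so the sibling page in the sample log is not blocked; a domain-wide entry would be the stricter choice.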

VSAPI:

On December 10, 2008 12:13:29 PM, OPR 5.699.00 was released, including the following detections:

TROJ_GAMETHI.BPF
TROJ_PATCH.KU

OPR 5.701.00 has also been released, adding the following detections:

JS_DLOAD.MD
TSPY_ONLINEG.EJH
TSPY_ONLINEG.EJG
TSPY_ONLINEG.HAV
TSPY_ONLINEG.ADR

VIRUS REPORT:

A more detailed description of this malware can be found at the following link:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FDLOAD%2EMD
