Trend Micro Critical Patch Download

Learn about Threat Intelligence by Trend Micro. Protect your critical data with ongoing threat prevention and analysis. Control the patch management life cycle.

Malware type: Script Trojan

Aliases: Exploit.HTML.CodeBaseExec (Kaspersky), Trojan.Dropper (Symantec), TR/Dldr.Helodor.1 (Avira), Troj/Codebase-J (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:
Reported infections:
Damage potential:	High
Distribution potential:	Low

Description:

This malicious .CHM file is usually found on Web site that contain malicious script.

Upon accessing a malicious Web page that contains this .CHM file, it executes the malware HTML_MHTREDIR.AO. This is made possible via the Microsoft MS04-013 vulnerability. This vulnerability allows malicious CHM files to download and execute files in the system without the users knowledge.

For additional information about this threat, see:

Description created:Jan. 24, 2005 11:26:38 AM GMT -0800

Files Included in Trend Micro OfficeScan 11.0 Service Pack 1 Critical Patch Module Filename Build No. OfficeScan PCCSRV Download Pattern. Trend Micro, Inc. December 2015. Trend Micro™ OfficeScan™ Version 11.0 Service Pack 1 Critical Patch. This readme file is current as of the date above. This Critical Patch installation package automatically rolls back the OfficeScan server to its previous configuration if there. Critical patch 1447 for WFBS 9.5 is now available and can be obtained from the Trend Micro Download Center. This article provides the details for this critical patch release.

TECHNICAL DETAILS

File type: Script

Memory resident: No

Size of malware: 10,896 Bytes

Initial samples received on: Jan 25, 2005

Vulnerability used: (MS04-013) Cumulative Security Update for Outlook Express (837009)

Family: CHM_CODEBASE

Details:

This malicious .CHM file is usually found on Web site that contain malicious script.

Analysis By: Christine Bejerasco

Drive-by-download attack exploits critical vulnerability in Windows Media Player. Microsoft patches critical Windows drive-by bug. The so-called drive-by-download attack identified by Trend. Trend Micro, Inc. Trend Micro™ OfficeScan™. Version 11.0 Service Pack 1 Critical Patch - Server Build 6054 and Agent Module Build 6034. This readme file is current as of the date above. Therefore, the Update Agent always downloads all incremental patterns available in the ActiveUpdate server, regardless of how many of.

Trend Micro Download Installer

SOLUTION

Trend Micro Download Center

Minimum scan engine version needed: 6.810

Pattern file needed: 2.367.00

Pattern release date: Jan 24, 2005

Important note: The 'Minimum scan engine' refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

Important Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure sets.

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as CHM_CODEBASE.C. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro�s online virus scanner.

Applying Patches

This malware exploits known vulnerabilities in Microsoft Windows. Download and install the fix patch supplied by Microsoft. Refrain from using this product until the appropriate patch has been installed. Trend Micro advises users to download critical patches upon release by vendors.

Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.