Tuesday, March 30, 2010

ESET Nod32 detection of CVE-2010-0806

March 30, 2010 ESET quickly corrected the false positive and there should be no more alarms. Please update your AV definitions.

The following links are being detected by ESET Nod32 as JS/Exploit.CVE-2010-0806 trojan. However, I looked at the js files and i do not see the CVE-2010-0806 exploit in them. They seem to be false positives - some sort of ads scripts.


    * hxxp://assets.loomia.com/js/clixdom.js
    * hxxp://widget-cache.loomia.com/js/onewidget_clix.js
    * hxxp://a.l.yimg.com/a/lib/s5/searchpad_core_metro_js_200911061221.js

 File clixdom.js received on 2010.03.30 15:51:37 (UTC)
Result: 1/42 (2.38%)
NOD32     4985     2010.03.30     JS/Exploit.CVE-2010-0806

Let me know if I am wrong.

Thanks -M

P.S. I just found this discussion related to it JS/EXploit.CVE-2010-0806 trojan on Yahoo



2 comments:

  1. This is a false positive and has been corrected by Eset in the latest update to Nod-32. If you do the update(s) you will notice this stops coming up.

    ReplyDelete