I am starting to hear from several ClamXav users that they are being alerted
to BC.Exploit.CVE_2013_0019 infections. Most are in browser caches and one
who had saved some 35 html documents several months ago during a job search.
All had deleted them before I could have them uploaded as FP's, but in
examining the signature, which appears to be new, it does seem to be very
loose:
VIRUS NAME: BC.Exploit.CVE_2013_0019.{}
TDB: Engine:56-255,Target:3
LOGICAL EXPRESSION: (0&2&1)
* SUBSIG ID 0
+-> OFFSET: *
+-> DECODED SUBSIGNATURE:
<iframe
* SUBSIG ID 1
+-> OFFSET: *
+-> DECODED SUBSIGNATURE:
window.open
* SUBSIG ID 2
+-> OFFSET: *
+-> DECODED SUBSIGNATURE:
></iframe
-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
