HighDownload.Ject, also known as JS.Scob.Trojan, Scob, and JS.Toofeer, is a Trojan that executes a JavaScript file from a remote server. The Trojan affects Microsoft Internet Information Services (IIS) version 5.0 and exploits a vulnerability in Microsoft Security Bulletin MS04-011. An attacker can append an executable file to a Web page that exists on a server running IIS. When a victim requests a Web page containing the executable from the server, the Trojan is downloaded and executed on the victim's system.
Apply the appropriate patches for your system, as listed in Microsoft Security Bulletin MS04-011. See References.
Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
Microsoft.com Web site
What You Should Know About Download.Ject
http://www.microsoft.com/security/incident/download_ject.mspx
IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer Location: header bypass restrictions
http://xforce.iss.net/xforce/xfdb/16348
IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer ADODB.Stream object code execution
http://xforce.iss.net/xforce/xfdb/16394
IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer Shell.Application
http://xforce.iss.net/xforce/xfdb/16648
ISS X-Force
Download.Ject JavaScript server side execution
http://www.iss.net/security_center/static/16544.php
CVE CVE-2004-0549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0549
