Trojan Loose That Targets Windows Vulnerability

Called Trojan.Jevproxy by Symantec, the malware exploits the Javaprxy.dll vulnerability that was first announced by Microsoft in a security advisory earlier this month. Microsoft has provided a workaround that disables the .dll file, even pushed it out via Auto Update to users, but has not released a patch that solves the root problem.

"Trojan.Jevproxy is a javascript exploit that attempts to download a file" from a Web site, said Symantec. All attempts to download the additional code have been unsuccessful, Symantec added. The Cupertino, Calif.-based company currently ranks the Trojan as a level "1" threat, its lowest rating.

Even so, Symantec recommended that administrators apply the workaround and block communication with the Web site at 218.57.137.86.