Well, well… looks like someone has been singing along to one of Jay Chow’s songs while coding an exploit that corresponds to a vulnerability in Internet Explorer, which was addressed in Microsoft Security Bulletin MS10-018. The exploit that targets on the Peer Object component (iepeers.dll) in IE has been found in the wild, and today it was detected while attempting to exploit on the client browser.

After decoding from a shellcode, it will download the payload and will be detected as Trojan:W32/KillAV.LD.

The JavaScript used to exploit the vulnerability is shown below:

jaychowexploit

Upon a closer look, you will notice that the variable and function names were actually referring to some Chinese characters with specific meanings. Those are a mix of song lyrics in a childhood song and a song by Jay Chow, a Taiwanese singer.

jaychowexploit2