Trojan.Downloader.VBS.BL
MEDIUM
LOW
~ 500 bytes
(Trojan.Downloader.VBS.BL)
Symptoms
Internet Explorer pop-ups may appear, redirecting to fake security product websites.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Dan Anton, virus researcher
Technical Description:
Trojan.Downloader.VBS.BL is a small Visual Basic Script (VBS) that opens a hidden Internet Explorer windows containing the following address:“http://[hide]asmegaportal.com/phandler.php?sid=0&aid=0&pn=&said=0&pid=2&k=[word1]+[word2]”, where [word1] and [word2] are common terms searched on the internet.
This page redirects to:
“http://www.[hide]em-defender.com/freeware/2/?wmid=6010&mid=MjI6Mzc6MTgxNjM=&lndid=37&p=01”, where users are deceived by a windows security alert-like page (see attached screenshot) and asked to download a fake security product, System Defender, detected by BitDefender as Trojan.Generic.69347.
SHARE
THIS ON