SHARE
THIS ON

Facebook Twitter Google Plus

Trojan.Script.254568

MEDIUM
MEDIUM
aprox 1kb
(JS/ShellCode.J, Heuristic.Script.Crypted, Mal/Badsrc-D)

Symptoms

A cookie saved by the user's browser named "CoreBeta".

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

The Trojan is a special written JavaScript, designed in a cryptic way in order to avoid detection or to make the code harder to be read.

First it checks for a specific cookie named "CoreBeta" in order to verify if the system was already attacked. If the cookie isn't found then it's created and set to expire in one day. After this, it decrypts some of its own code, inserting in the page several other masked components. If the cookie is found then the user gets an "about:blank" page.

Antivirus Software For Home Users
Business Security Solutions
Latest News
Tools & Resources