|Detected||Dec 09 2010 23:37 GMT|
|Released||Dec 10 2010 08:07 GMT|
|Published||Mar 25 2011 10:34 GMT|
This Trojan opens different websites in the browser without the user's knowledge. It is a Java Script. It is 2852 bytes in size.
Once an infected HTML page is opened, the Trojan sets a "cookie" in the browser until the year 2037 named "cook15" with the current date and time. The Trojan, in order to test the "cookies" functionality, adds to the browser a "cookie" named "test". If "cookies" are disabled in the browser the Trojan ceases running. The Trojan tracks three user clicks on any part of the HTML document if the document is opened in MS Internet Explorer 6.0 and earlier versions or in SV1 browser. It then opens the following web resource in a new browser window:
http://ne***be.org/in.cgi?8&group=dvfrom which the user is redirected to the following web resource:
http://por***platno.com/A malicious script is downloaded from the main page of this web resource:
http://por***platno.com/click3.jsThis file is 3952 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-Clicker.JS.Agent.op.
In the following browsers:
Opera Netscape Firefox MS Internet Explorer 7.0 MS Internet Explorer 8.0 Safarietc. once the user clicks on any part of the document, the Trojan opens a web resource in a new tab. The Trojan also tracks when the user clicks on any link on the HTML document and then opens the following site in a new window:
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
%Temporary Internet Files%
Programs classified as Trojan-Clicker are designed to access Internet resources (usually web pages). This is done either by sending appropriate commands to the browser or by replacing system files that provide “standard” addresses for Internet resources (such as the Windows hosts file).
A malicious user may use Trojan-Clicker programs to: