|Detected||Nov 12 2010 03:26 GMT|
|Released||Nov 12 2010 19:41 GMT|
|Published||Mar 28 2011 10:39 GMT|
This program is a Trojan. It is an HTML page containing Java Script. It is 72 367 bytes in size.
When an infected page is opened in a browser, the user will be shown a message about malicious activity on the computer.
The infected page then imitates an antivirus scanner, which finds nonexistent malware on the victim's computer. The user is then asked, in the guise of system protection, to install a fake anti-virus.
When the user attempts to close the page, the following message is displayed:
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.