|Detected||Jul 18 2011 22:14 GMT|
|Released||Jul 19 2011 08:06 GMT|
|Published||Oct 10 2011 07:00 GMT|
After opening the infected site in the browser, the trojan tries to open an external resource in the hidden frame. Depending on the version, it opens various resources which may be malicious, e.g.:
http://***ngurj.com/count11.php http://***bili.com/count3.php http://***cord.com/count1.php http://***oas.com/count0.php http://***tial.com/count30.php http://***metal.com/count29.php http://***huxnh.cz.cc/count27.php http://***huxnh.cz.cc/count28.php http://***jpzrv.cz.cc/count26.php http://***jpzrv.cz.cc/count25.php http://***umzmi.cz.cc/count23.php http://***dqonv.cz.cc/count22.php http://***wpcn.cz.cc/count21.php http://***arer.com/count20.php http://***exper.com/count19.php http://***elli.com/count5.php http://***cosi.com/count2.php http://***msroy.cz.cc/count21.php http://***stor.com/count28.php http://***sfbvksbfvkfsbvks.ru/index.php?tp=41e8265b85752fe4These links did not work when creating the description.
If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
%Temporary Internet Files%
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.
Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page).
This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.