English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Trojan.JS.Iframe.tm

Detected Jun 11 2011 02:10 GMT
Released Jun 11 2011 04:44 GMT
Published Sep 19 2011 11:27 GMT

Technical Details
Payload
Removal instructions

Technical Details

A trojan program that opens various websites in the browser without the user's knowledge. It is JavaScript. 863 bytes.


Payload

When opening the infected site in the user's browser, the trojan tries to download resources located at the following links in hidden frames:

http://la2z***g.ru/1.html
http://goldf***ters.com/2.html
http://la2gol***ub.com/ndex.html
http://URLT***FO.TK/trafgobn.php?i=16602
http://la2gol**/me.com/index.html
http://iptraf***q.co/trafgon.php?i=2
http://conccuba***ag.narod.ru
http://urlt.***dns.org/?inif=17308&tt=653879077.5
After transferring from these links, it downloads other JS scripts which in turn build a "chain" of hidden frames where the above mentioned malicious resources are downloaded. These actions are carried out in order to "cheat" the counters on these sites and to increase traffic volume. For example, one of the "chains" of hidden frames links to the following resource:
TRAFFIC EXCHANGE, BUY AND SELL IFRAME TRAFFIC
located at the following address:
http://178.**.**.144/


Removal instructions

If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:


MD5: 0724ff471f358563c13147391a849748
SHA1: 93d22894eacf174bb74142667781183ec7e2e578


Bookmark and Share
Share
Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Other versions