|Detected||Dec 27 2010 16:49 GMT|
|Released||Dec 27 2010 21:10 GMT|
|Published||Mar 28 2011 12:41 GMT|
This Trojan opens different websites in the browser without the user's knowledge. It is an HTML page containing Java Script. It is 2059 bytes in size.
When an infected page is opened in the user's browser, the following HTML document is displayed:
After the user sends an SMS to the premium rate number, nothing will change on this page. The malware also attempts to execute the script named "fol.js", which is placed on the malicious user's server. This script redirects to other resources, which may contain other malware. At the time of writing, this link was inactive.
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
%Temporary Internet Files%
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.