BitDefender Antivirus

Trojan.IFrame.BI

Spreading: medium
Damage: medium
Size: varies
Discovered: 2008 Mar 05

SYMPTOMS:

This is a script virus, and due to its generic nature there are no obvious symptoms. However, unusual internet traffic might be observed, as well as suspicious running processes and unwanted files.

TECHNICAL DESCRIPTION:

Trojan.IFrame.BI is a small piece of HTML code that opens a hidden browser window from the following addresses:
http://(removed)/in.cgi?6
http://(removed)/~fen0men/ice/index.php
http://(removed)/in.cgi?2
http://(remove)/tds.php?th=345
http://(remove)/counter.php
http://(remove)/berbj/snow.php?adv=845
http://(remove)/check/upd.php?t=599
http://(remove)/tds/in.cgi?2
http://(remove)/if/preif.php

These addresses contain other Trojan.IFrames that are chained together and redirect in the end to a number of exploit scripts that download and install trojans. Due to the complex chaining system that this Trojan.IFrame uses, the exploit scripts and the Trojans that they download may change.
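
A defender-side check for the pattern described above, given as an added example that is neither BitDefender's detection logic nor code from the original page: it scans a saved HTML page for iframes that load an external address while being hidden from the visitor. The hiding heuristics (dimensions of 0 or 1 pixel, hiding CSS), the function names and the sample markup with its placeholder hosts are all assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics (not taken from the page): how a frame is usually hidden.
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY_CSS = re.compile(r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
EXTERNAL = re.compile(r"\s*(?:https?:)?//", re.I)  # absolute or protocol-relative

def _tiny(value):
    """True for attribute values such as "0", "1" or "1px"."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny width/height attribute")
        if HIDDEN_CSS.search(a.get("style", "")) or TINY_CSS.search(a.get("style", "")):
            reasons.append("hiding CSS")
        # Only report hidden frames that pull content from another address.
        if reasons and EXTERNAL.match(a.get("src", "")):
            self.findings.append({"line": self.getpos()[0],
                                  "src": a["src"].strip(), "reasons": reasons})

def find_hidden_iframes(html):
    """Return one finding per hidden, externally sourced iframe in html."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts are placeholders, not addresses from the advisory.
SAMPLE = """<html><body>
<p>Welcome</p>
<iframe src="http://placeholder.invalid/frame" width="1" height="1"></iframe>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="//placeholder.invalid/x" style="visibility: hidden"></iframe>
<iframe src="/local/widget.html" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_hidden_iframes(SAMPLE):
        print(finding)
```

Hidden same-site frames (the last sample line) are deliberately not reported, since site templates often use them legitimately; a hit on an external source is a reason to review the page, not proof of infection.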

REMOVAL INSTRUCTIONS:

Please let BitDefender disinfect your files.

ANALYZED BY:

Cristian Lungu, virus researcher