Trojan.Downloader.VBS.BL

( Trojan.Downloader.VBS.BL )

Diffusione:	medium
Danno:	low
Dimensioni:	~ 500 bytes
Scoperto:	2008 Mar 05

SINTOMI:

Internet Explorer pop-ups may appear, redirecting to fake security product websites.

DESCRIZIONE TECNICA:

Trojan.Downloader.VBS.BL is a small Visual Basic Script (VBS) that opens a hidden Internet Explorer windows containing the following address:

“http://[hide]asmegaportal.com/phandler.php?sid=0&aid=0&pn=&said=0&pid=2&k=[word1]+[word2]”, where [word1] and [word2] are common terms searched on the internet.

This page redirects to:

“http://www.[hide]em-defender.com/freeware/2/?wmid=6010&mid=MjI6Mzc6MTgxNjM=&lndid=37&p=01”, where users are deceived by a windows security alert-like page (see attached screenshot) and asked to download a fake security product, System Defender, detected by BitDefender as Trojan.Generic.69347.

ISTRUZIONI DI RIMOZIONE:

Please let BitDefender disinfect your files.

ANALIZZATO DA:

Dan Anton, virus researcher

Archivi Intelligence Report

Links rapidi » Affiliazione » Nuovo GameSafe » Rinnovo Licenza » Supporto Clienti gratuito » Free Online Scanner