|
Malware type: Html
Aliases: W32.Fujacks!html(Symantec), Troj/Fujif-Gen(Sophos), Worm.Win32.Mefir.s(Kaspersky), HTML/IFrame.Agent.Z(Avira), HTML/IFrame (exact)(F-Prot)
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Encrypted: No
|
|
|
Description:
File infectors survive in the changing threat environment by adapting to it. PE_FUJACKS, a young family of file infectors discovered in the last quarter of 2006, exemplifies this. It has taken on the traits that characterize the prevailing threat landscape: multi-component, sequential, focused, Web-based, and profit-driven. To read a comprehensive article detailing PE_FUJACKS's routines and goals, click here: PE_FUJACKS: Jacking Up to the Times. |
This is the Trend Micro detection for an IFrame, which PE_FUJACKS.F-O appends to its infected files. The said IFrame enables the mentioned infected files to open the Web page http://www.{BLOCKED}vkr.com/worm.htm. This page, in turn, redirects the affected user to another Web page - http://www.{BLOCKED}vkr.com/muma.htm- which contains a malicious script.
Trend Micro detects the said script VBS_SMALL.EKE. The routines of this malicious VBScript may be exhibited on the affected machine.
For additional information about this threat, see:
Solution
Technical Details
Description created: Dec. 22, 2006 8:27:52 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
