TROJ_LINKOPTIM.G - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

TROJ_LINKOPTIM.G

Overview

Solution

Technical Details

Malware type: Trojan

Aliases: LinkOptimizer (McAfee), Trojan.Linkoptimizer (Symantec), ADSPY/LinkOptimizer.A.173 (Avira),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Medium
Distribution potential:		Low

Description:

It starts from several Italian Web pages. From there, the whole LINKOPTIM attack branches out to countless possibilities, putting the Italian computing population in a sticky security situation. After numerous redirections, obfuscations, different techniques for different Web browsers, and ever changing download URLs and files to download, there is no definite indication of a LINKOPTIM infection. Read a comprehensive article about the LINKOPTIM attack here: A Long and Winding Road: Tracking Down the LINKOPTIM Attack.

This Trojan may arrive as a file dropped or downloaded by other malware. It may also be downloaded and manually installed by an unsuspecting user. Upon execution, it registers itself as a Browser Helper Object (BHO).

It connects to the certain URLs to execute several scripts, which effectively compromise the affected computer. It also poses to be a Microsoft file to trick the user into thinking that it is legitimate.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 13, 2006 12:00:55 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.