HTML_SCAMREDIR.BF

It may be posted on social networking sites such as Facebook.

This is the Trend Micro detection for malicious HTML files that redirect user to possibly malicious sites.

This Trojan may be hosted on a website and run when a user accesses the said website.

Arrival Details

This Trojan may be hosted on a website and run when a user accesses the said website.

It may be downloaded from the following remote sites:

• http://{BLOCKED}avid.info/go.php

NOTES:

It may be posted on social networking sites such as Facebook.

This is the Trend Micro detection for malicious HTML files that redirect user to possibly malicious sites.

Once the user access the post above, the user will be redirected to following site:

• http:/{BLOCKED}a{random}.1x.net

The site then redirects user to http://{BLOCKED}a-scandalzs.blogspot.com/. This site contains the fake video and fake Facebook comments. User needs to share the video on Facebook before playind the video. After the user shared the video, the user is redirected to a series of sites:

• http://bit.ly/{random}
• http://{BLOCKED}avid.info/geo/go-rihanna.php
• http://{BLOCKED}a-vard.blogspot.com/

In the last URL, an image of a video is displayed. When clicked, user is redirected to a Youtube link of a video of Rihanna

• http://www.youtube.com/v/mPYiuSY67To