JS_DOOLF.SPM

This malware uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed. Specifically, it is a script used in a Facebook spam campaign.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This is a script involved in a Facebook "verify my account" spam campaign. It posts messages on the walls of affected users' contacts.

The said routine is exhibited when a user clicks ==VERIFY MY ACCOUNT== from an infected user's post. It also displays certain alerts. The said alert will then reference a document from a remote site, which is inaccessible as of this writing.

This Trojan executes when a user accesses certain websites where it is hosted.

Arrival Details

This Trojan executes when a user accesses certain websites where it is hosted.

It may be downloaded from the following remote sites:

• http://{BLOCKED}tenhe.info/verify.js

NOTES:

Other Details

This is a script involved in a Facebook "verify my account" spam campaign. It posts the following message on the walls of affected users' contacts:

“Inorder to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT . Click VERIFY MY ACCOUNT right next to comment below to start the process.”

The said routine is exhibited when a user clicks ==VERIFY MY ACCOUNT== from an infected user's post.

It also displays the following alert:

Verification Failed. Click 'OK' and follow the steps to prevent your account from being deleted.

The said alert will then reference a document from the following site, which is inaccessible as of this writing:

• http://{BLOCKED}tenhe.info/verify.php?js