JS_EXPLOIT.SM

This is Trend Micro's detection for HTML files inserted with malicious JavaScripts that could lead to the download of other possibly malicious files. It may contain hidden iframe tags to link to other websites.

Once users visit a compromised site, they could be redirected to certain websites. Users will again be redirected to websites that display advertisements.

This Trojan may be hosted on a website and run when a user accesses the said website.

Arrival Details

This Trojan may be hosted on a website and run when a user accesses the said website.

NOTES:

Other Details
This is Trend Micro's detection for HTML files inserted with malicious JavaScripts that could lead to the download of other possibly malicious files. It may contain hidden iframe tags to link to other websites. For instance, once users visit a compromised site, they could be redirected to any of the following sites:

• http://{BLOCKED}ftware.in/ts/in.cgi?346
• http://www.{BLOCKED}ombs.org/index.php
• http://{BLOCKED}qir.net/in.cgi?5
• http://{BLOCKED}amer.org/ts/in.cgi?346
• http://www.{BLOCKED}signonline.com/vi/index.html
• http://e.{BLOCKED}zi.biz/e/ads.php?b=3063
• http://{BLOCKED}miga.info/xsys5/index.php
• http://{BLOCKED}otnet.com/nnews/index.php
• http://{BLOCKED}s-antivirus-2008.com/wp.js
• http://{BLOCKED}stfc.com/images/blocks/se/umax.js
• http://{BLOCKED}af.biz/pop_mp9.js
• http://{BLOCKED}af.biz/pop_mp9.cs

• http://{BLOCKED}rclick.com/stat/counter.php
• http://{BLOCKED}af.biz/js9.php
• http://{BLOCKED}hportal.information.com/?o_id=107961&domainname={BLOCKED}dotnet.com
• http://{BLOCKED}hportal.information.com/?o_id=65014&domainname={BLOCKED}miga.info
• http://{BLOCKED}hportal.information.com/?o_id=65014&domainname={BLOCKED}signonline.com