HTML_IFRAME.AAH

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be hosted on a website and run when a user accesses the said website.

However, as of this writing, the said sites are inaccessible.

Arrival Details

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be hosted on a website and run when a user accesses the said website.

Other Details

This Trojan connects to the following possibly malicious URL:

• http://{BLOCKED}de.net/images/inquiry/inquiry_02.gif
• http://www.{BLOCKED}de.net/upload/logo/201210/20121030084504.gif
• http://{BLOCKED}de.net/images/eCL/ecl_bg_title04.gif
• http://www.{BLOCKED}de.net/KMS/mail_ck_4.php?b_type=201210&b_type2=01&d_type=C1042&e_type=20121001KM1365C1042_193511
• http://www.{BLOCKED}de.net/upload/prod/201210/C104220121030084856.gif
• http://www.{BLOCKED}de.net/upload/prod/201210/C104220121030084927.gif
• http://{BLOCKED}de.net/images/eCL/inq_bt02.png
• http://{BLOCKED}de.net/images/eCL/site_bt02.png
• http://{BLOCKED}de.net/images/inquiry/inquiry_01.gif
• http://{BLOCKED}de.net/images/icon/send_100.20.gif
• http://www.{BLOCKED}yung.co.kr/eng
• http://www.{BLOCKED}print.jp
• http://www.{BLOCKED}co.com
• http://www.{BLOCKED}a.com

However, as of this writing, the said sites are inaccessible.