PDF_PHISH.SSVY
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
File Size:
128,508 bytes
File Type: PDF
Memory Resident:
Yes
Initial Samples Received Date:
21 Oct 2015
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other Details
This Trojan connects to the following possibly malicious URL:
- http://{BLOCKED}ing4advantage.com/CQAkgYiV4/javascript/facebox/src/facebox.css
- http://{BLOCKED}yip.us/showipsimple.php
- http://{BLOCKED}ing4advantage.com/CQAkgYiV4/javascript/jquery-1.6.2.min.js
- http://{BLOCKED}ing4advantage.com/CQAkgYiV4/javascript/facebox/src/facebox.js
NOTES:
It connects to the url when a part of the opened document is clicked.