JS_IFRAME.ZT

 Analysis by: Jasen Sumalapao

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This is the Trend Micro detection for Web pages that were compromised through the insertion of a certain malicious script. Once a user visits an affected Web page, this HTML script launches a hidden IFRAME that connects to a malicious URL. However, as of this writing, the said sites are inaccessible.

  TECHNICAL DETAILS

File Size:

Varies

File Type:

JS, HTML, HTM

Initial Samples Received Date:

17 May 2008

Other Details

This is the Trend Micro detection for Web pages that were compromised through the insertion of a certain malicious script.

It inserts IFRAME code that points to malicious URLs into the affected Web pages.

Once a user visits an affected Web page, this HTML script launches a hidden IFRAME that connects to a malicious URL.

However, as of this writing, the said sites are inaccessible.
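
To check a site's own pages for this kind of insertion, the HTML can be scanned for concealed IFRAMEs that load from another host, including ones written out by an inline script. The Python below is an added example, not Trend Micro's detection logic; the concealment heuristics (0 or 1 pixel size, `display:none`, `visibility:hidden`), the function and class names, and the `.test` hosts in the sample are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed concealment heuristics: the advisory does not say how the IFRAME is hidden.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)

class HiddenIframeFinder(HTMLParser):
    def __init__(self, own_host, via_script=False):
        super().__init__()
        self.own_host, self.via_script = own_host.lower(), via_script
        self.script_buf = None   # collects text while inside <script>
        self.findings = []       # (src, reason, found_in_script)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_buf = []
        elif tag == "iframe":
            self._check(dict(attrs))

    def handle_data(self, data):
        if self.script_buf is not None:
            self.script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self.script_buf is not None:
            # IFRAME markup written by script (e.g. document.write) is text, not a tag
            for m in IFRAME_TAG.finditer("".join(self.script_buf)):
                inner = HiddenIframeFinder(self.own_host, via_script=True)
                inner.feed(m.group(0))
                self.findings += inner.findings
            self.script_buf = None

    def _check(self, a):
        host = (urlparse(a.get("src") or "").hostname or "").lower()
        size = {(a.get(k) or "").strip().lower() for k in ("width", "height")}
        reasons = (["tiny-size"] if size & TINY else []) + \
                  (["hidden-style"] if HIDDEN_STYLE.search(a.get("style") or "") else [])
        if reasons and host and host != self.own_host:   # concealed and off-site
            self.findings.append((a["src"], "+".join(reasons), self.via_script))

def find_hidden_iframes(html, own_host):
    parser = HiddenIframeFinder(own_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; hosts use the reserved .test TLD.
SAMPLE = """<html><body><iframe src="/widgets/map.html" width="400" height="300"></iframe>
<iframe src="http://tracker.example.test/a.htm" width="0" height="0"></iframe>
<script>document.write('<iframe src="http://ads.example.test/b.htm" style="display:none"></iframe>');</script>
<iframe src="https://video.example.test/embed" width="560" height="315"></iframe></body></html>"""
```

A hit is a prompt to compare the file against a known-good copy; script that builds the tag from obfuscated or escaped strings will not match this pattern.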