POSSIBLE_HIFRM-5

This is the Trend Micro heuristic detection for script files containing an inserted IFRAME tag which may redirect users to possibly malicious websites.

If your Trend Micro product detects a file under this detection name, do not execute the file. Delete it immediately especially if it came from an untrusted or an unknown source (e.g., a website of doubtful nature). However, if you have reason to believe that the detected file is non-malicious, you can submit a sample for analysis. Detailed analysis will be done on submitted samples, and corresponding removal instructions will be provided, if necessary.

This malware executes when a user accesses certain websites where it is hosted.

It redirects browsers to certain sites.

Arrival Details

This malware executes when a user accesses certain websites where it is hosted.

Other Details

This malware redirects browsers to the following sites:

• http://{BLOCKED}v.co/ad/up1.php
• http://{BLOCKED}v.co/adds/300d.php
• http://{BLOCKED}v.co/adds/300dd.php
• http://{BLOCKED}v.co/ad/up2.php
• http://{BLOCKED}v.co/adds/300c.php
• http://{BLOCKED}v.co/ad/csh2.php
• http://{BLOCKED}v.co/ad/csh1.php
• http://{BLOCKED}v.co/adds/468b.php