JS_FAKEVID.C

 Analysis by: Erika Bianca Mendoza

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW


This JavaScript file links to a malicious URL that hosts a fake video titled "This is the best April Fools' prank ever!".

When the user attempts to play the video, the user is prompted to log in. The entered login information is sent to a certain URL.

This Trojan executes when a user accesses certain websites where it is hosted.

  TECHNICAL DETAILS

File Size:

16634 bytes

File Type:

JS

Initial Samples Received Date:

03 Apr 2011

Arrival Details

This Trojan executes when a user accesses certain websites where it is hosted.

NOTES:

This JavaScript file links to the following malicious URL, which hosts a fake video titled "This is the best April Fools' prank ever!":

  • http://{BLOCKED}rfume.info/aprilprank/

When the user attempts to play the video, the user is prompted to log in. The entered login information is sent to the URL below:

  • http://{BLOCKED}.{BLOCKED}.144.82/log.php?email={email}&pass={password}
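The URL above carries the email address and password as GET query parameters, so they are recorded in web proxy logs. The following detection sketch is an added example, not part of the original analysis. It assumes a simple four-field proxy log format and uses constructed log lines with documentation-range IP addresses. The parameter names other than `email` and `pass` are an assumed generalization beyond what this report lists.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample proxy log (time, client, method, URL); not real traffic.
SAMPLE_LOG = """\
2011-04-03T10:01:02Z 10.0.0.5 GET http://198.51.100.20/log.php?email=alice%40example.com&pass=hunter2
2011-04-03T10:01:09Z 10.0.0.7 GET http://www.example.org/search?q=april+fools+video
2011-04-03T10:02:30Z 10.0.0.9 GET http://portal.example.net/login?email=bob%40example.com
2011-04-03T10:03:11Z 10.0.0.5 POST http://mail.example.com/auth
2011-04-03T10:04:00Z 10.0.0.8 GET http://203.0.113.7/log.php?pass=s3cret&email=carol%40example.com&x=1
"""

# "email" and "pass" come from the report; the other names are assumed variants.
EMAIL_KEYS = {"email", "mail", "user", "login"}
PASS_KEYS = {"pass", "password", "passwd", "pwd"}
IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def find_credential_gets(log_text):
    """Return GET requests whose query string holds both an identity and a password field."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "GET":
            continue  # malformed line, or credentials not in the URL
        ts, client, _, url = parts
        u = urlsplit(url)
        params = {k.lower() for k in parse_qs(u.query, keep_blank_values=True)}
        if params & EMAIL_KEYS and params & PASS_KEYS:
            hits.append({
                "time": ts,
                "client": client,
                "host": u.hostname,
                "path": u.path,
                # A bare IP address as the host raises the priority of the alert.
                "raw_ip_host": bool(IPV4_HOST.match(u.hostname or "")),
                # Record parameter names only, so alerts never copy the secrets.
                "params": sorted(params),
            })
    return hits


if __name__ == "__main__":
    for hit in find_credential_gets(SAMPLE_LOG):
        print(hit)
```

Clients that appear in the results have likely submitted credentials to the page, so those account passwords should be reset.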