Analysis by: Christopher Daniel So

 PLATFORM:

Windows 2000, XP, Server 2003


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

As of this writing, the said sites are inaccessible.

This Trojan inserts an IFRAME tag that redirects users to certain URLs.

  TECHNICAL DETAILS

File Size: Varies
File Type: HTML, HTM
Memory Resident: No
Initial Samples Received Date: 11 Aug 2010

Download Routine

As of this writing, the said sites are inaccessible.

Other Details

This Trojan inserts an IFRAME tag that redirects users to the following URLs:
