Trojan:JS/Quidvetis.A
First posted on 02 October 2013.
Source: Microsoft
Aliases:
There are no other names known for Trojan:JS/Quidvetis.A.
Explanation:
Threat behavior
Installation
Trojan:JS/Quidvetis.A can be installed when a hacker injects a client-side script into a vulnerable website. The script is run when you visit the hacked web page.
Payload
Trojan:JS/Quidvetis.A is designed to load a hidden iframe that references a malicious host. The host then exploits multiple known vulnerabilities in your web browser.
The malicious host referenced within the obfuscated JavaScript varies, as a hacker can change it at any time.
We have seen this threat referencing hosts that distribute the Blacole and Cool exploit kits.
In the wild, we have seen this malware connect to the following URLs:
- armitores.cz/<removed>/clk.php
- drivemotion.pl/<removed>/rel.php
- giftw.com/actionpak/dtd.php
Analysis by Rodel Finones
Symptoms
Alerts from your security software may be the only symptom.
Last update 02 October 2013