Trojan:JS/Tracur.gen!C
First posted on 03 January 2012.
Source: Microsoft
Aliases:
There are no other names known for Trojan:JS/Tracur.gen!C.
Explanation:
Trojan:JS/Tracur.gen!C is a trojan, a Java class file installed as part of a malicious Firefox extension used to redirect user search results from legitimate search sites to malicious websites.
Installation
Trojan:JS/Tracur.gen!C is a Java class file component of a Firefox extension, installed on the computer by TrojanDownloader:Win32/Tracur.AI. The Java class file is contained in a JAR file found in the following file location:
%APPDATA%\Mozilla\Firefox\Profiles\.default\extensions\{CLSID}\chrome\xulcache.jar
The following files are also created and/or modified on the computer as part of the trojan's installation:
- %APPDATA%\Mozilla\Firefox\Profiles\.default\extensions\{CLSID}\install.rdf
- %APPDATA%\Mozilla\Firefox\Profiles\.default\extensions\{CLSID}\chrome.manifest
- %APPDATA%\Mozilla\Firefox\Profiles\.default\extensions\{CLSID}\defaults\preferences\xulcache.js – detected as Trojan:JS/Tracur.B
Note: {CLSID} is a Class ID that differs for each computer on which it's generated.
If successfully installed, the Firefox extension appears in the Firefox Extensions menu with the name "XUL Cache 1.0".
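The following check is an added example, not part of Microsoft's write-up: it walks a Firefox `Profiles` directory and reports any extension folder containing the artifacts listed above. The function names, the constructed sample tree, and the assumption that the "XUL Cache" display name is stored in `install.rdf` are illustrative.

```python
import os
import tempfile
from pathlib import Path

# Artifact paths relative to an extension directory, as listed in the write-up.
ARTIFACTS = {
    "jar": Path("chrome") / "xulcache.jar",
    "prefs_js": Path("defaults") / "preferences" / "xulcache.js",
}
DISPLAY_NAME = "XUL Cache"  # assumption: the menu name is stored in install.rdf


def scan_profiles(profiles_root):
    """Return one finding per extension directory that matches any indicator."""
    findings = []
    for ext_dir in sorted(Path(profiles_root).glob("*/extensions/*")):
        if not ext_dir.is_dir():
            continue
        hits = [name for name, rel in ARTIFACTS.items() if (ext_dir / rel).is_file()]
        rdf = ext_dir / "install.rdf"
        if rdf.is_file() and DISPLAY_NAME in rdf.read_text(errors="replace"):
            hits.append("install_rdf_name")
        if hits:
            findings.append({"path": str(ext_dir), "indicators": sorted(hits)})
    return findings


def build_constructed_sample(root):
    """Create a constructed profile tree: one matching and one benign extension."""
    ext_root = Path(root) / "abcd1234.default" / "extensions"
    bad = ext_root / "{00000000-0000-0000-0000-000000000000}"
    good = ext_root / "benign@example.invalid"
    for rel in ARTIFACTS.values():
        (bad / rel).parent.mkdir(parents=True, exist_ok=True)
        (bad / rel).write_bytes(b"")
    (bad / "install.rdf").write_text("<em:name>XUL Cache</em:name>")
    good.mkdir(parents=True)
    (good / "install.rdf").write_text("<em:name>Example Add-on</em:name>")
    return bad


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")  # set on Windows
    root = Path(appdata, "Mozilla", "Firefox", "Profiles") if appdata else Path(tempfile.mkdtemp())
    if not appdata:
        build_constructed_sample(root)  # no real profile path: scan the sample
    for finding in scan_profiles(root):
        print(finding["path"], finding["indicators"])
```

A folder that matches only one indicator is still reported, so a partially cleaned profile is not missed.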
Payload
Redirects user searches
The malicious Firefox extension serves to redirect searches when the following search engines are used by the user in the Firefox browser:
- Yahoo
- Aol
- Bing
- Ask.com
Search results are redirected to another website which may contain other malware or malicious scripts.
Analysis by Amir Fouda
Last update 03 January 2012