Home / malwarePDF  

Trojan.JS.Injector.A


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Trojan.JS.Injector.A.

Explanation :

The script is a javascript piece of code that gets injected in every html file viewed by the infected user. The presence of the script is usually accompanied by Trojan.Vundo.FKW or Trojan.Vundo.FCB although other versions can be also responsable. Vundo is responsible with the injection of the script in every html viewed. More on the behavior of Trojan.Vundo can be found here mentioning that this version that accompanies Trojan.JS.Injector.A doesn’t show pop-ups, but just inserts the script.

Trojan.JS.Injector.A scans the current html code and replaces the contents of the ad found with a random one from the IP mentioned above.

It also sends back to the malware server, information about the curent user, the domain visited and the link to the actual ad that had been replaced.

Last update 21 November 2011

 

TOP

Malware :