Home / malware Trojan.JS.Injector.E
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Trojan.JS.Injector.E.
Explanation :
The script is a javascript piece of code that gets injected in every html file viewed by the infected user. The presence of the script is usually accompanied by Trojan.Vundo.FKW or Trojan.Vundo.FCB although other versions can be also responsable. Vundo is responsible with the injection of the script in every html viewed. More on the behavior of Trojan.Vundo can be found here mentioning that the version that accompanies Trojan.JS.Injector.E doesn’t show pop-ups, just inserts the script.
Trojan.JS.Injector.E scans the current html code and replaces the contents of the ad found with a random one from the IP mentioned above.
Vundo is also responsible for altering the meta information found in the .html files accessed injecting porn related words.
Among other things, it prevents from accessing the google and yahoo search engine results page, myspace, facebook and some other sites.
It also sends back to the malware server, information about the curent user, the domain visited and the link to the actual ad that had been replaced.Last update 21 November 2011