Home / malware Trojan.Downloader.VBS.BL
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Trojan.Downloader.VBS.BL.
Explanation :
Trojan.Downloader.VBS.BL is a small Visual Basic Script (VBS) that opens a hidden Internet Explorer windows containing the following address:
“http://[hide]asmegaportal.com/phandler.php?sid=0&aid=0&pn=&said=0&pid=2&k=[word1]+[word2]”, where [word1] and [word2] are common terms searched on the internet.
This page redirects to:
“http://www.[hide]em-defender.com/freeware/2/?wmid=6010&mid=MjI6Mzc6MTgxNjM=&lndid=37&p=01”, where users are deceived by a windows security alert-like page (see attached screenshot) and asked to download a fake security product, System Defender, detected by BitDefender as Trojan.Generic.69347.Last update 21 November 2011
