Trojan:JS/Iframe.AK
First posted on 27 March 2012.
Source: Microsoft
Aliases:
Trojan:JS/Iframe.AK is also known as JS/IFrame.HC.gen (Command), Exp/JS.Iframe.AL (Avira), JS:Trojan.JS.Redirector.Q (BitDefender), JS.IFrame.151 (Dr.Web), JS/Iframe.BV trojan (ESET).
Explanation:
Trojan:JS/Iframe.AK is a malicious JavaScript file that is embedded into malicious or compromised webpages, usually via SQL injection or through Blackhat search engine optimization (SEO) poisoning.
Installation
If a user visits a website that contains Trojan:JS/Iframe.AK, it redirects them to another website that may download other malware onto the computer.
Payload
Redirects webpages
In the wild, a webpage that contains Trojan:JS/Iframe.AK may redirect to any of the following URLs:
Analysis by Hyun Choi
Last update 27 March 2012