Trojan:JS/Sdiper.B
First posted on 03 February 2012.
Source: Microsoft
Aliases:
There are no other names known for Trojan:JS/Sdiper.B.
Explanation :
Trojan:JS/Sdiper.B is a JavaScript trojan that sends out French-language Facebook spam.
Installation
In the wild, we've seen Trojan:JS/Sdiper.B hosted at "buzz<removed>france.info/f.js". Trojan:JS/Sdiper.A redirects to Trojan:JS/Sdiper.B.
Payload
Posts links to Facebook friends' Wall
Trojan:JS/Sdiper.B attempts to gain access to the user's Facebook friends list by getting a value from a browser cookie for the Facebook domain.
It then sends an HTTP GET request to "facebook.com/ajax/typeahead/first_degree.php" that includes the value from the cookie; the response contains the user's list of friends.
Trojan:JS/Sdiper.B then posts links to the Walls of all of the user's Facebook friends. The message is selected randomly from the following list:
- Voulez-vous gagner un nouveau iphone 4s?
- Gagner un iPhone 4 GRATUIT. Concours iphone 4S:
- Qui veut gagner un nouveau lPhone 4s ?
- Gagnez Ie nouveau iPh0ne 4s
- Reponds a la question correctement et gagne un iPhone4S
These messages are scams built around winning an iPhone. They contain a shortened link to a webpage hosted at "iphone<removed>france.info".
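Several of the listed messages swap look-alike characters (a lowercase "l" or a capital "I" for each other, "0" for "o"), so an exact string match against one spelling misses the others. The following Python example is added here and is not part of the original write-up: it folds those characters before comparing wall-post text with the listed lures. The sample posts and the short.example URLs are constructed, and the function names are illustrative.

```python
import re
import unicodedata

# Lure texts copied verbatim from the list above, look-alike letters included.
KNOWN_LURES = [
    "Voulez-vous gagner un nouveau iphone 4s?",
    "Gagner un iPhone 4 GRATUIT. Concours iphone 4S:",
    "Qui veut gagner un nouveau lPhone 4s ?",
    "Gagnez Ie nouveau iPh0ne 4s",
    "Reponds a la question correctement et gagne un iPhone4S",
]

# Characters commonly swapped for one another are folded to one representative.
_CONFUSABLES = str.maketrans({"I": "l", "i": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(text):
    """Reduce text so accents, case, spacing and look-alike swaps no longer differ."""
    decomposed = unicodedata.normalize("NFKD", text)
    unaccented = "".join(c for c in decomposed if not unicodedata.combining(c))
    folded = unaccented.translate(_CONFUSABLES).lower()
    return re.sub(r"[^a-z0-9]+", "", folded)


LURE_SKELETONS = [skeleton(lure) for lure in KNOWN_LURES]


def match_lure(post):
    """Return the index of the listed lure contained in the post, or None."""
    post_skeleton = skeleton(post)
    for index, lure_skeleton in enumerate(LURE_SKELETONS):
        if lure_skeleton in post_skeleton:
            return index
    return None


def flag_posts(posts):
    """Return (post, lure index) pairs for posts that carry one of the lures."""
    hits = [(post, match_lure(post)) for post in posts]
    return [hit for hit in hits if hit[1] is not None]


# Constructed sample wall posts; short.example is a placeholder domain.
SAMPLE_POSTS = [
    "Gagnez le nouveau iPhone 4s http://short.example/a1",
    "Qui veut gagner un nouveau 1Ph0ne 4s ? http://short.example/b2",
    "J'ai acheté un nouveau iPhone 4s hier",
]
```

Because the fold makes "i", "l" and "1" identical, it should only be used against long phrases such as these full lure texts, not short keywords.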
The webpage may contain an image similar to the following:
Analysis by Horea Coroiu
Last update 03 February 2012