Home / malware Trojan:JS/Iframe.V
First posted on 09 August 2012.
Source: MicrosoftAliases :
Trojan:JS/Iframe.V is also known as JS.Click.220 (Dr.Web), JS/iFrame.aap.1 (Avira), JS/IFrame.EA (Norman), JS/Kryptik.S (ESET), JS/Pdfka.BE (Command), Mal/Iframe-W (Sophos), Trojan.JS.Downloader.BJI (BitDefender).
Explanation :
Trojan:JS/Iframe.V is a malicious JavaScript file that is embedded, via an IFrame, into malicious or compromised webpages, usually via SQL injection or through Blackhat search engine optimization (SEO) poisoning. The purpose of the file is to redirect your browser to other sites that may download malware onto your computer.
Installation
When you visit a website that contains Trojan:JS/Iframe.V, your browser is redirected to another website that may download malware onto your computer.
Payload
Redirects webpages
In the wild, a webpage that contains Trojan:JS/Iframe.V may redirect to any of the following servers:
- carbili.com
- ferefr.com
- girlsnotcryz.ru
- javlprni.ddns.name
- ntdyubxrtuutt.myfw.us
- plovbnze.usa.cc
- subcosi.com
- sumanoidos.ru
- vnqawsmz.4pu.com
- wormetal.com
- zamhuxnh.cz.cc
- ze4tvzbterbny.myfw.us
Analysis by Jonathan San Jose
Last update 09 August 2012
