
Trojan:JS/Febipos.A


First posted on 30 April 2013.
Source: Microsoft

Aliases:

There are no other names known for Trojan:JS/Febipos.A.

Explanation:



This threat is installed as an add-on for Chrome and Mozilla Firefox internet browsers. It does not affect Internet Explorer.

Trojan:JS/Febipos.A can be installed by the malware TrojanDropper:Win32/Febipos.A.

Once installed, the trojan will check for, download, and install an updated copy of itself from the following URLs:

  • Chrome - http://du-pont.info/<removed>/pt_PT/BL-chromebrasil.crx
  • Mozilla Firefox - http://du-pont.info/<removed>/pt_PT/BL-mozillabrasil.xpi


It will then attempt to read a configuration file that tells the trojan what actions to perform. This file is found at http://leferrie.<removed>/sqlvarbr.php.

The file has a list of commands for what the trojan can do in your Facebook account, including:

  • Liking a page
  • Sharing a post
  • Posting messages
  • Joining a group
  • Inviting your friends to a group
  • Sending messages and links via chat
  • Commenting on posts


The content of these posts changes regularly and can include links to Facebook pages or external websites.
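The update and configuration requests described above leave traces in web proxy logs. The following is an added example, not part of the original write-up, that flags them in a constructed log format (`<timestamp> <client> <method> <url>`); the `PLACEHOLDER` path segment and the `.example` host are assumptions standing in for the parts this entry elides.

```python
import re
from urllib.parse import urlsplit

# Indicators stated in this entry. Elided parts (<removed>) are not guessed:
# matching relies only on the host and file names the entry gives.
UPDATE_HOST = "du-pont.info"
UPDATE_FILES = {
    "bl-chromebrasil.crx": "Chrome add-on update",
    "bl-mozillabrasil.xpi": "Firefox add-on update",
}
CONFIG_HOST_PREFIX = "leferrie."  # remainder of the host name is elided
CONFIG_FILE = "sqlvarbr.php"
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def classify(url):
    """Return a label if the URL matches a Febipos.A indicator, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    name = parts.path.rsplit("/", 1)[-1].lower()
    # Exact host or a subdomain of it; look-alike hosts do not match.
    if host == UPDATE_HOST or host.endswith("." + UPDATE_HOST):
        return UPDATE_FILES.get(name)
    if host.startswith(CONFIG_HOST_PREFIX) and name == CONFIG_FILE:
        return "command configuration fetch"
    return None

def scan(lines):
    """Yield (client, label, url) for each log line holding a matching URL."""
    for line in lines:
        fields = line.split()
        client = fields[1] if len(fields) > 1 else "?"
        for url in URL_RE.findall(line):
            label = classify(url)
            if label:
                yield client, label, url

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2013-04-30T09:12:01Z 10.0.0.21 GET http://du-pont.info/PLACEHOLDER/pt_PT/BL-chromebrasil.crx
2013-04-30T09:12:05Z 10.0.0.21 GET http://leferrie.example/sqlvarbr.php
2013-04-30T09:13:40Z 10.0.0.34 GET http://du-pont.info/PLACEHOLDER/pt_PT/BL-mozillabrasil.xpi
2013-04-30T09:14:02Z 10.0.0.50 GET http://example.org/download/addon.crx
2013-04-30T09:15:19Z 10.0.0.50 GET http://du-pont.info.example.org/BL-chromebrasil.crx
""".splitlines()

if __name__ == "__main__":
    for client, label, url in scan(SAMPLE_LOG):
        print(f"{client}\t{label}\t{url}")
```

A client that shows both an add-on update request and a configuration fetch, like 10.0.0.21 in the sample, is the strongest candidate for checking the installed Chrome and Firefox add-ons.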



Analysis by Jonathan San Jose.

Last update 30 April 2013
