
Trojan:JS/Iframe.BK


First posted on 07 June 2012.
Source: Microsoft

Aliases:

Trojan:JS/Iframe.BK is also known as VirTool:JS/Obfuscator.DC (other), Trojan.JS.Iframe.aaw (Kaspersky), gootkit (other).

Explanation:



Trojan:JS/Iframe.BK is a detection for malicious JavaScript that has been appended to existing JavaScript files for the purpose of downloading other code via your web browser.

Installation
Trojan:JS/Iframe.BK is appended to existing JavaScript files by another process or malware. It may be present in JavaScript files between the comments "/*gootkitstart*/" and "/*gootkitend*/", which mark the beginning and end of the appended code, for example:

Payload
Downloads arbitrary files
When Trojan:JS/Iframe.BK is run, it inserts a hidden IFrame that points to a pseudo-random web address, for example "<pseudo random string>.dns-stuff.com". During our investigation of this malware, the requested addresses were unreachable.

Additional information
This trojan script affects files stored on a web server and could be indicative of an FTP account compromise.
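The markers described under Installation give a simple check for files on a web server. The following Python scanner is an added example, not code from Microsoft's write-up; the function names and the sample strings are constructed for illustration, and it assumes the markers appear exactly as quoted above.

```python
import sys
from pathlib import Path

START = "/*gootkitstart*/"   # markers as quoted in the write-up
END = "/*gootkitend*/"

def find_marked_blocks(text):
    """Return (start, end, terminated) offsets for every marker-delimited block."""
    blocks, pos = [], 0
    while (s := text.find(START, pos)) != -1:
        e = text.find(END, s + len(START))
        if e == -1:
            # Start marker with no end marker: flag through end of file.
            blocks.append((s, len(text), False))
            break
        pos = e + len(END)
        blocks.append((s, pos, True))
    return blocks

def strip_terminated_blocks(text):
    """Return a review copy with complete blocks removed; unterminated ones stay."""
    out, pos = [], 0
    for s, e, terminated in find_marked_blocks(text):
        if terminated:
            out.append(text[pos:s])
            pos = e
    return "".join(out) + text[pos:]

def scan_tree(root):
    """Return [(path, blocks)] for each *.js file under root that has a marker."""
    hits = []
    for path in sorted(Path(root).rglob("*.js")):
        text = path.read_text(encoding="utf-8", errors="replace")
        blocks = find_marked_blocks(text)
        if blocks:
            hits.append((path, blocks))
    return hits

# Constructed sample: a benign script with a harmless placeholder between markers.
SAMPLE_CLEAN = "function menu() { return 1; }\n"
SAMPLE_MARKED = SAMPLE_CLEAN + START + "var placeholder = 0;" + END

if __name__ == "__main__":
    for path, blocks in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        for s, e, terminated in blocks:
            state = "complete" if terminated else "UNTERMINATED"
            print(f"{path}: marked block at offsets {s}-{e} ({state})")
```

A hit means a file on the web server was modified by something other than its owner; since the write-up notes this could indicate an FTP account compromise, removing the block alone does not address how it got there.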

Analysis by Andrei Florin Saygo

Last update 07 June 2012

 
