Trojan:JS/Tancite.A
First posted on 02 November 2011.
Source: SecurityHome
Aliases :
Trojan:JS/Tancite.A is also known as JS/Redir.ID.gen (Command), Trojan.JS.Redirector.my (BitDefender), Trojan.JS.Redirector (Ikarus), Trojan.JS.Redirector.ro (Kaspersky), Troj/JSRedir-DV (Sophos).
Explanation :
Trojan:JS/Tancite.A is a JavaScript trojan that redirects a user to a number of malicious websites. It executes only if it is opened in Internet Explorer and the browser language is set to one of the following:
- English
- German
- French
- Italian
- Polish
- Brazilian
Trojan:JS/Tancite.A sets a cookie named "seenit88" that is used to check how many days have elapsed since the trojan last redirected the user. It only redirects the user if it has been more than four days since the last redirection took place.
Some of the websites it is known to redirect to are:
- www3.bust<removed>y.in
- www3.lin<removed>tsafe.in
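The "seenit88" cookie described above gives defenders something to hunt for in web proxy logs. The following is an added example, not part of the original analysis: it assumes the cookie is set through `document.cookie` on the site serving the script, so the browser returns it on later requests to that host, and it assumes a hypothetical log format that records the Cookie request header. The log lines, addresses and host names are constructed.

```python
import re
from collections import defaultdict

COOKIE_NAME = "seenit88"  # cookie name given in the write-up above

# Constructed sample lines in a hypothetical proxy log format:
# timestamp client host "request line" "user agent" "Cookie header"
SAMPLE_LOG = """\
2011-11-02T09:14:03Z 10.0.0.21 blog.example.test "GET /index.html HTTP/1.1" "Mozilla/4.0 (compatible; MSIE 8.0)" "-"
2011-11-02T09:14:09Z 10.0.0.21 blog.example.test "GET /about.html HTTP/1.1" "Mozilla/4.0 (compatible; MSIE 8.0)" "lang=en; seenit88=1"
2011-11-02T10:02:41Z 10.0.0.35 shop.example.test "GET / HTTP/1.1" "Mozilla/5.0 Firefox/7.0" "notseenit88=1; sid=abc"
2011-11-03T08:31:00Z 10.0.0.21 blog.example.test "GET /contact.html HTTP/1.1" "Mozilla/4.0 (compatible; MSIE 8.0)" "seenit88=1; lang=en"
this line is malformed and is skipped
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)" "([^"]*)" "([^"]*)"$')


def cookie_names(header):
    """Return the set of cookie names present in a Cookie request header."""
    names = set()
    for pair in header.split(";"):
        name = pair.split("=", 1)[0].strip()
        if name:
            names.add(name)
    return names


def find_hits(log_text, cookie=COOKIE_NAME):
    """Map (client, host) -> timestamps of requests that carried the cookie."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts, client, host, _request, _agent, cookies = m.groups()
        # Exact name match, so "notseenit88" does not count as a hit.
        if cookie in cookie_names(cookies):
            hits[(client, host)].append(ts)
    return dict(hits)


if __name__ == "__main__":
    for (client, host), stamps in sorted(find_hits(SAMPLE_LOG).items()):
        print(f"{client} sent {COOKIE_NAME} to {host}: "
              f"first seen {stamps[0]}, {len(stamps)} request(s)")
```

Each hit names a client that has already run the script and the host whose page carried it, which is the site to inspect for the injected JavaScript.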
Analysis by Michael Johnson and Chris Stubbs
Last update 02 November 2011