Trojan:JS/FakebyScreen.B
First posted on 11 February 2014.
Source: Microsoft
Aliases:
There are no other names known for Trojan:JS/FakebyScreen.B.
Explanation:
Threat behavior
Installation
A link to the malicious web page might be sent as a download link via a spam email.
When you visit the malicious page, it tries to load a Java applet.
The applet won't run unless Java is installed on your PC. The website uses social engineering techniques to encourage you to install Java.
Payload
The Trojan:JS/FakebyScreen.B website requires you to manually allow the Java applet to run. Once the applet is allowed to run, it can automatically run an executable file from this location:
- http://www.123mediashare.com/DB/
The name of the file that is downloaded can vary. Examples include:
- JS.exe
- JS2.exe
The payload of the downloaded file can also vary. We have seen it include Worm:Win32/Ainslot.A.
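The following is an added example, not part of the original Microsoft description: a proxy-log check that matches on the download location rather than on the file name, because the file name can vary. The log format and sample lines are constructed, and case-insensitive path matching is an assumption.

```python
from urllib.parse import urlsplit

# Indicators taken from the description above.
IOC_HOST = "www.123mediashare.com"
IOC_PATH_PREFIX = "/db/"            # compared in lower case (assumption)
KNOWN_NAMES = {"js.exe", "js2.exe"}


def classify_url(url):
    """Return None for unrelated URLs, else a label for a hit on the location."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    path = parts.path.lower()
    if host != IOC_HOST or not path.startswith(IOC_PATH_PREFIX):
        return None
    filename = path.rsplit("/", 1)[-1]
    if filename in KNOWN_NAMES:
        return "known-filename"
    if filename.endswith(".exe"):
        return "exe-from-location"  # names vary, so this is still a strong hit
    return "location-only"


def scan_proxy_log(lines):
    """Yield (client, url, label) for each log line that hits the location."""
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        client, url = fields[1], fields[3]
        label = classify_url(url)
        if label:
            yield client, url, label


# Constructed sample log (format: timestamp client method url), not real traffic.
SAMPLE_LOG = [
    "2014-02-11T09:14:02Z 10.0.0.21 GET http://www.123mediashare.com/DB/JS.exe",
    "2014-02-11T09:15:40Z 10.0.0.34 GET http://WWW.123MEDIASHARE.COM/DB/setup_x.exe",
    "2014-02-11T09:16:05Z 10.0.0.34 GET http://www.123mediashare.com/DB/",
    "2014-02-11T09:17:11Z 10.0.0.50 GET http://example.com/DB/JS.exe",
    "truncated line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
```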
Additional information
The social engineering template used to convince you to download Java is sourced from an open-source penetration testing framework called the Social-Engineer Toolkit (SET).
Analysis by Methusela Cebrian Ferrer
Symptoms
Alerts from your security software may be the only symptom.
Last update 11 February 2014