Home / malware Trojan:JS/Iframe.AQ
First posted on 07 August 2012.
Source: MicrosoftAliases :
Trojan:JS/Iframe.AQ is also known as Iframe.NH (Norman), JS.IFrame.285 (Dr.Web), JS/Iframe.EX trojan (ESET), JS/IFrame.HC.gen (Command), JS/IFrame.MI (Avira), Trojan.IframeRef (Ikarus), Trojan.JS.Iframe.BQC (BitDefender), Trojan-Downloader.JS.Iframe.czd (Kaspersky).
Explanation :
Trojan:JS/Iframe.AQ is a malicious JavaScript file that is embedded, via an IFrame, into malicious or compromised webpages, usually via SQL injection or through Blackhat search engine optimization (SEO) poisoning. The purpose of the file is to redirect your browser to other sites that may download malware onto your computer.
To avoid detection, the IFrame may be only one pixel in size.
Installation
When you visit a website that contains Trojan:JS/Iframe.AQ, your browser is redirected to another website that may download malware onto your computer.
Payload
Redirects webpages
In the wild, a webpage that contains Trojan:JS/Iframe.AQ may redirect to any of the following malicious URLs:
- antigest.ru/red.php
- asprout.in/wb65a/05.php
- awnlc.net/styles/counter.php
- baalite.in/wb65a/05.php
- cabaniaseleden.com.ar/stats.php
- cahnite.in/wb65a/05.php
- couchtarts.com/media.php
- counterdevelopment.in/wb65a/05.php
- draymen.in/wb65a/05.php
- glamorous-models-girls.net
- heartofpole.net/xml.php
- kildee.in/wb65a/05.php
- localwebgeek.com/wp-feeds.php
- misguiding.in/index.php?r=3f8a86e
- mytresca.com/counter.php
- natbushing.com/counter.php
- newstops.ru/red.php
- planwood.com/modules/counter.php
- poowabah.info/counter.php
- progenitive.in/wb65a/05.php
- pukers.ru/red.php
- reredatas.co.cc/red.php
- sessioweb.in/images.php?t=42442948
- setriner.co.cc/red.php
- speckdose.com/helpfiles/main.php
- ssl.imagecloud.in/release.php?image=178ed687bcbc8d3c
- start.clearlighthealing.ch/demo/single/counter.php?sid=1
- superololo.net/demo/single/counter.php?sid=1
- sushi.hideko-sushi.com.ar/demo/single/counter.php?sid=1
Analysis by Ric Robielos
Last update 07 August 2012
