Trojan:JS/Kilim.A
First posted on 12 June 2013.
Source: Microsoft
Aliases:
Trojan:JS/Kilim.A is also known as JS/Chromex.FBook.F (ESET).
Explanation:
Installation
Trojan:AutoIt/Kilim.A installs Trojan:JS/Kilim.A as two malicious Chrome browser extensions using the following configuration files and registry entries:
- %windir%\adobeflash\update.xml
- %windir%\adobeflash2\update.xml
In subkey: HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
Value: "1"
With Data: "%windir%\AdobeFlash\update.xml"
In subkey: HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
Value: "2"
With Data: "%windir%\adobeflash2\update.xml"
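A triage sketch for the registry entries listed above, added here as an example and not taken from Microsoft's analysis: it reads the text output of `reg query` for the ExtensionInstallForcelist key and labels each value. Beyond the two paths on this page, it also flags any entry that is not in the usual Chrome policy form (an extension ID, optionally followed by `;` and an HTTPS update URL). The function names, the `c:\windows` default and the sample input are assumptions constructed for illustration.

```python
import re

# Paths named in the write-up above, lowercased, with %windir% kept symbolic.
KILIM_PATHS = {r"%windir%\adobeflash\update.xml", r"%windir%\adobeflash2\update.xml"}
FORCELIST = r"software\policies\google\chrome\extensioninstallforcelist"
# Usual policy data: 32-character extension ID (a-p), optional ";<https update URL>".
NORMAL = re.compile(r"^[a-p]{32}(;https://\S+)?$")
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def normalize(data, windir=r"c:\windows"):
    """Lowercase, strip quotes, and fold the Windows directory back to %windir%."""
    d = data.strip().strip('"').lower()
    if d.startswith(windir.lower() + "\\"):  # windir default is an assumption
        d = "%windir%" + d[len(windir):]
    return d

def audit_forcelist(reg_query_output, windir=r"c:\windows"):
    """Return (value_name, data, verdict) for each value under the forcelist key."""
    findings, in_key = [], False
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            # Only values listed under the forcelist key are examined.
            in_key = line.strip().lower().endswith(FORCELIST)
            continue
        m = VALUE_LINE.match(line)
        if not (in_key and m):
            continue
        name, _type, data = m.groups()
        norm = normalize(data, windir)
        verdict = ("kilim-path" if norm in KILIM_PATHS
                   else "ok" if NORMAL.match(norm) else "unusual")
        findings.append((name, data.strip(), verdict))
    return findings

# Constructed sample input in `reg query` layout, not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
    1    REG_SZ    C:\Windows\AdobeFlash\update.xml
    2    REG_SZ    "%windir%\adobeflash2\update.xml"
    3    REG_SZ    abcdefghijklmnopabcdefghijklmnop;https://updates.example.com/crx
    4    REG_SZ    D:\tools\ext\update.xml

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Other
    1    REG_SZ    C:\Windows\AdobeFlash\update.xml
"""

if __name__ == "__main__":
    for name, data, verdict in audit_forcelist(SAMPLE):
        print(f"{verdict:10} {name} = {data}")
```

An "unusual" verdict only means the entry does not look like a standard policy value and should be reviewed; it is not by itself evidence of this threat.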
Payload
Posts malicious links on social media
Trojan:JS/Kilim.A may access your Facebook, Twitter and YouTube accounts when you log in using the Chrome browser. It may post messages, like pages or follow profiles on Twitter.
An example of the messages it may post includes:
- "Selam bir site buldum günlük 250 takipçi veriyor. Sen de denemelisin:)"
This translates as:
- "I found a site that gives a daily 250 followers. You should too:)"
Additional information
More information about this threat can be found in the blog post "Rise of the social bots".
Analysis by Karthik Selvaraj
Last update 12 June 2013