SecurityHome.eu JS/Timbum

Home / malware PDF

JS/Timbum

First posted on 13 March 2012.
Source: Microsoft
Aliases :
JS/Timbum is also known as Exploit.JS.Timbum (Ikarus), Trojan.Iframe.AGI (BitDefender).
Explanation :
Exploit:JS/Timbum is a detection for a malicious JavaScript that redirects the browser to certain URLs. It exploits a vulnerability in the TimThumb Wordpress plugin, which allows an attacker to upload and execute malicious PHP code.

Top

Exploit:JS/Timbum is a detection for a malicious JavaScript that redirects the browser to certain URLs. It exploits a vulnerability in the TimThumb Wordpress plugin, which allows an attacker to upload and execute malicious PHP code. If the user visits a website that has a vulnerable version of TimThumb installed, the browser automatically redirects to certain sites.

In the wild, Exploit:JS/Timbum has been observed to redirect to the following sites:

superpuperdomain.com

superpuperdomain2.com

Analysis by Mihai Calota

Last update 13 March 2012

TOP

Malware :

None in database

Last 20