Home / malware JS/Timbum
First posted on 13 March 2012.
Source: MicrosoftAliases :
JS/Timbum is also known as Exploit.JS.Timbum (Ikarus), Trojan.Iframe.AGI (BitDefender).
Explanation :
Exploit:JS/Timbum is a detection for a malicious JavaScript that redirects the browser to certain URLs. It exploits a vulnerability in the TimThumb Wordpress plugin, which allows an attacker to upload and execute malicious PHP code.
Top
Exploit:JS/Timbum is a detection for a malicious JavaScript that redirects the browser to certain URLs. It exploits a vulnerability in the TimThumb Wordpress plugin, which allows an attacker to upload and execute malicious PHP code. If the user visits a website that has a vulnerable version of TimThumb installed, the browser automatically redirects to certain sites.
In the wild, Exploit:JS/Timbum has been observed to redirect to the following sites:
- superpuperdomain.com
- superpuperdomain2.com
Analysis by Mihai Calota
Last update 13 March 2012
