Home / malware Trojan:HTML/SMSFakerweb.A
First posted on 13 November 2012.
Source: MicrosoftAliases :
There are no other names known for Trojan:HTML/SMSFakerweb.A.
Explanation :
Trojan:HTML/SMSFakerweb.A is a trojan that displays a pop-up window prompting you to send an SMS to a premium number.
You may encounter this trojan when visiting a website, often a malicious phishing website. You may be redirected to a malicious website that has been designed to look like a legitimate website, when the trojan displays its pop-up message.
The page itself will mimic the design of a legitimate page, for instance "odnoklassniki.ru" or "vkontakte.ru", but in fact will be pointing to a different domain and will try to force you to type in a phone number which in turn can be used to pay for SMS services.
The pop-up message may look like the following:
Loosely translated from Russian it reads:
"Your account is suspected in the unauthorized activity and requires immediate validation. If no validation is performed the account will be blocked, are you sure you want to leave this page?"
Additional information
The trojan is a 9169 bytes JavaScript component.
In the wild, we have observed users being directed to these malicious websites after being compromised by malware that modifies the Hosts file, such as Trojan:Win32/Qhost.AY.
Related encyclopedia entries
Trojan:Win32/Qhost.AY
Analysis by Oleg Petrovsky
Last update 13 November 2012