
Trojan:JS/Tracur.C


First posted on 08 March 2010.
Source: SecurityHome

Aliases :

Trojan:JS/Tracur.C is also known as HTML/Redir.AA (Norman).

Explanation :

Trojan:JS/Tracur.C is a trojan that redirects user searches via the Web browser Firefox to a malicious Web site.

Installation

Trojan:JS/Tracur.C may be installed by other malware or by visiting a malicious Web page. It arrives in the system as a Firefox overlay, a mechanism that allows applications to add elements to the browser interface, and is present as a file named "overlay.xul".

Payload

Redirects user searches

Trojan:JS/Tracur.C loads its configuration from another file, "_cfg.js", found in the same location as the malicious "overlay.xul" file. The configuration file contains a search engine used for the redirection. When a user conducts searches in Firefox using certain search engines, the browser is redirected to the server specified in "_cfg.js". The following search engines are impacted by the trojan:

  • Google
  • Ask
  • Yahoo!
  • AOL
  • Bing

Additional Information

There are legitimate uses and examples of "overlay.xul". It is not currently known what malware installs Trojan:JS/Tracur.C - the analyzed code of the trojanized "overlay.xul" does not have the capability to install itself.

Analysis by Chris Stubbs

Last update 08 March 2010
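
A triage check built on the file layout described above, added here as an example and not part of the original write-up: it walks a directory tree (for instance a Firefox profile) and reports folders that hold both "overlay.xul" and "_cfg.js". The function names, the constructed sample tree, and the secondary test for the string "_cfg.js" inside the overlay are assumptions; because legitimate overlays exist, a hit is a lead for manual review only.

```python
import os
import tempfile

OVERLAY_NAME = "overlay.xul"
CONFIG_NAME = "_cfg.js"

def find_overlay_config_pairs(root):
    """Return one finding per directory under root that holds both files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}  # case-insensitive match
        if OVERLAY_NAME not in names or CONFIG_NAME not in names:
            continue  # an overlay.xul on its own is common and not flagged
        overlay_path = os.path.join(dirpath, names[OVERLAY_NAME])
        # Secondary signal (assumption): the overlay mentions the config file by name.
        try:
            with open(overlay_path, "r", encoding="utf-8", errors="replace") as fh:
                references_cfg = CONFIG_NAME in fh.read(1_000_000).lower()
        except OSError:
            references_cfg = False
        findings.append({
            "directory": dirpath,
            "overlay": overlay_path,
            "config": os.path.join(dirpath, names[CONFIG_NAME]),
            "overlay_references_config": references_cfg,
        })
    return findings

def build_sample_tree(root):
    """Constructed sample: one lone overlay and one overlay + _cfg.js pair."""
    benign = os.path.join(root, "extensions", "benign@example.invalid", "content")
    suspect = os.path.join(root, "extensions", "suspect@example.invalid", "content")
    os.makedirs(benign)
    os.makedirs(suspect)
    with open(os.path.join(benign, "overlay.xul"), "w") as fh:
        fh.write('<overlay id="benign"/>')
    with open(os.path.join(suspect, "overlay.xul"), "w") as fh:
        fh.write('<overlay id="x"><script src="_cfg.js"/></overlay>')
    with open(os.path.join(suspect, "_cfg.js"), "w") as fh:
        fh.write("// constructed placeholder config\n")
    return suspect

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_overlay_config_pairs(tmp):
            print(hit)
```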

     
