Home / malware Trojan.IFrame.BI
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Trojan.IFrame.BI.
Explanation :
Trojan.IFrame.BI is a small html code that opens a hidden browser window from the followind address:
http://(removed)/in.cgi?6
http://(removed)/~fen0men/ice/index.php
http://(removed)/in.cgi?2
http://(remove)/tds.php?th=345
http://(remove)/counter.php
http://(remove)/berbj/snow.php?adv=845
http://(remove)/check/upd.php?t=599
http://(remove)/tds/in.cgi?2
http://(remove)/if/preif.php
These adresses contain other Trojan.IFrames that are chained togheter and redirect in the end to a number of exploit scripts that download and install trojans. Due to the complex chaining sistem that this Trojan.IFrame uses, the exploit scripts and the Trojans that they download may change.Last update 21 November 2011