Home / malware Trojan:JS/Iframe.AP
First posted on 07 April 2012.
Source: MicrosoftAliases :
There are no other names known for Trojan:JS/Iframe.AP.
Explanation :
Trojan:JS/Iframe.AN is a detection numerous variants of a malicious JavaScript that is embedded as an IFrame in compromised web pages, usually via SQL injection attacks, or through Blackhat search engine optimization (SEO) poisoning. When opened in a web browser, the trojan script redirects the browser to another site.
Top
Trojan:JS/Iframe.AN is a detection numerous variants of a malicious JavaScript that is embedded as an IFrame in compromised web pages, usually via SQL injection attacks, or through Blackhat search engine optimization (SEO) poisoning.
Installation
This trojan script is encountered when visiting a compromised web site that contains the JavaScript.
Payload
Redirects web browsing
When opened in a web browser, the trojan redirects the browser to another site. In the wild, this trojan redirects web browsers to domains such as the following:
- oorqqqq.cx.cc/<removed>.php?page=969843cfdd53ba77
- testosploitron.cx.cc/<removed>.php?tp=b25a5b48ad494d60
- vasyamefik.co.cc/<removed>.php?page=d993a3edfa60805b
- kennymccormick.in/<removed>.php?tp=f49b79d41454ff39
- ads2.name/<removed>.cgi?advert_id=1&banner_id=1&chid=341aa8fca26bcff7830499c1c5f8e359
At the time of this writing, the trojan-requested URLs were unavailable for analysis.
Analysis by Hyun Choi
Last update 07 April 2012
