Home / malwarePDF  

Trojan:JS/Tancite.A


First posted on 02 November 2011.
Source: SecurityHome

Aliases :

Trojan:JS/Tancite.A is also known as JS/Redir.ID.gen (Command), Trojan.JS.Redirector.my (BitDefender), Trojan.JS.Redirector (Ikarus), Trojan.JS.Redirector.ro (Kaspersky), Troj/JSRedir-DV (Sophos).

Explanation :

Trojan:JS/Tancite.A is a trojan JavaScript that redirects a user to a number of malicious websites.


Top

Trojan:JS/Tancite.A is a trojan JavaScript that redirects a user to a number of malicious websites. It executes only if it is opened using Internet Explorer and the language set in the browser is one of the following:

  • English
  • German
  • French
  • Italian
  • Polish
  • Brazilian


Trojan:JS/Tancite.A sets a cookie named "seenit88" that is used to check how many days have elapsed since the trojan last redirected the user. It only redirects the user if it has been more than four days since the last redirection took place.

Some of the websites it is known to redirect to are:

  • www3.bust<removed>y.in
  • www3.lin<removed>tsafe.in




Analysis by Michael Johnson and Chris Stubbs

Last update 02 November 2011

 

TOP