Trojan:JS/PhoexRef.F
First posted on 10 May 2012.
Source: Microsoft
Aliases:
Trojan:JS/PhoexRef.F is also known as JS/IFrame.JJ (Avira), JS.Trojan.JS.Iframe.AH (BitDefender), Troj/PhoexRef-A (Sophos), Trojan.Webkit!html (Symantec), Trojan-Downloader.JS.Iframe.cvy (Kaspersky).
Explanation:
Trojan:JS/PhoexRef.F is an obfuscated JavaScript trojan that can redirect your web browser to a malicious website that hosts additional malware.
Installation
Trojan:JS/PhoexRef.F may be inserted into a compromised web page by an attacker. When you browse to that compromised web page, the trojan script could execute.
Payload
Installs other malware
Trojan:JS/PhoexRef.F could redirect your web browser to a malicious website that hosts additional malware. We observed the trojan script directing browsers to the following domains:
- ehakkaz.ru
- freshtds.in
- tds9.lowestprices.at
- uwesfgdght.findhere.org
- vanishingmasers.ru
- vitalitysomer.ru
- webmastaumuren.ru
- webmastersuon.ru
Visiting the above-mentioned domains could lead to the installation or running of the following malware or exploits:
- Exploit:Java/Blacole.FF
- Exploit:JS/Blacole.DG
- Exploit:JS/Phoex.A
- Exploit:Win32/Pdfjsc.YN
- PWS:Win32/Fareit.gen!C
- PWS:Win32/Zbot.gen!AF
Analysis by Gilou Tenebro
Last update 10 May 2012