
TrojanDownloader:JS/Whirl.A


First posted on 04 May 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:JS/Whirl.A is also known as JS/Psyme.JL (Authentium (Command)), HTML.Psyme.Gen (VirusBuster), HTML/Rce.Gen (Avira), VBS.Psyme.126 (Dr.Web), Trojan.DL.Script.JS.Agent.lok (Rising AV), Mal/Psyme-A (Sophos).

Explanation :

TrojanDownloader:JS/Whirl.A is the detection for a JavaScript downloader trojan within malicious or compromised Web pages. This JavaScript trojan may redirect users to Web sites other than expected.

In the wild, TrojanDownloader:JS/Whirl.A has been observed to redirect the browser to the following domains and IP addresses:

  • urodinam.net
  • 91.188.59.10
  • 222.73.218.83

The trojan downloads different variants of VirTool:Win32/VBInject, saves each as "emp<random characters>.exe" in the current folder and executes it. Some file names it has been known to use are:

  • emp2.exe
  • emp11.exe
  • emp400.exe
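
The following detection example is added here and is not part of the original analysis: it flags a machine that contacts one of the listed redirect targets and then launches a file named like the dropped executable shortly afterwards. The log format, the five-minute window and the character class used for the random part of the file name are assumptions, and the events are constructed.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Redirect targets listed in the description above.
REDIRECT_HOSTS = {"urodinam.net", "91.188.59.10", "222.73.218.83"}
# "emp<random characters>.exe": the character class is an assumption.
DROP_NAME = re.compile(r"emp[a-z0-9]+\.exe", re.IGNORECASE)
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed events in a hypothetical "time|machine|kind|value" format.
SAMPLE_EVENTS = r"""
2010-05-04T09:00:00|ws-01|http|http://urodinam.net/index.php
2010-05-04T09:00:20|ws-01|proc|C:\Users\a\Downloads\emp11.exe
2010-05-04T09:01:00|ws-02|http|http://example.org/urodinam.net.html
2010-05-04T09:01:30|ws-02|proc|C:\Tools\emp400.exe
2010-05-04T09:02:00|ws-03|http|http://91.188.59.10:8080/x
2010-05-04T09:30:00|ws-03|proc|C:\Temp\emp2.exe
2010-05-04T09:03:00|ws-04|http|http://urodinam.net/a
2010-05-04T09:03:10|ws-04|proc|C:\Temp\setup.exe
2010-05-04T09:04:00|ws-05|http|http://222.73.218.83/
2010-05-04T09:06:00|ws-05|proc|C:\Temp\EMP2.EXE
"""

def correlate(log_text):
    """Return (machine, file name) for each emp*.exe launch that follows a
    visit to a listed redirect target on the same machine within WINDOW."""
    events = []
    for line in log_text.strip().splitlines():
        ts, machine, kind, value = line.split("|", 3)
        events.append((datetime.fromisoformat(ts), machine, kind, value))
    events.sort(key=lambda e: e[0])

    last_visit = {}  # machine -> time of its latest visit to a listed host
    hits = []
    for ts, machine, kind, value in events:
        if kind == "http":
            # Compare the parsed hostname, not a substring of the URL.
            if urlsplit(value).hostname in REDIRECT_HOSTS:
                last_visit[machine] = ts
        elif kind == "proc":
            name = PureWindowsPath(value).name
            seen = last_visit.get(machine)
            if DROP_NAME.fullmatch(name) and seen and ts - seen <= WINDOW:
                hits.append((machine, name))
    return hits

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

On its own the file name pattern also matches benign names such as employee.exe, which is why the example only reports it in combination with a visit to a listed host.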

    Analysis by Rodel Finones

    Last update 04 May 2010
