SecurityHome.eu Trojan.IFrame.BI

Home / malware PDF

Trojan.IFrame.BI

First posted on 21 November 2011.
Source: BitDefender
Aliases :
There are no other names known for Trojan.IFrame.BI.
Explanation :
Trojan.IFrame.BI is a small html code that opens a hidden browser window from the followind address:
http://(removed)/in.cgi?6
http://(removed)/~fen0men/ice/index.php
http://(removed)/in.cgi?2
http://(remove)/tds.php?th=345
http://(remove)/counter.php
http://(remove)/berbj/snow.php?adv=845
http://(remove)/check/upd.php?t=599
http://(remove)/tds/in.cgi?2
http://(remove)/if/preif.php

These adresses contain other Trojan.IFrames that are chained togheter and redirect in the end to a number of exploit scripts that download and install trojans. Due to the complex chaining sistem that this Trojan.IFrame uses, the exploit scripts and the Trojans that they download may change.
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20