JS_FBJACK.A

This JavaScript (JS) Trojan uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

It may be unknowingly downloaded by a user while visiting the following malicious websites:

• http://{BLOCKED}gidiopinione.com/scommessa

NOTES:

This JavaScript (JS) file contains an iframe tag that redirects users to the following Web page:

• http://{BLOCKED}gidiopinione.com/scommessa/cippattina20.php

The said page displays the following fake YouTube page:

Clicking the supposed video opens a pop-up window that prompts the user to share the video on Facebook:

This script also instructs the user to click the image on the said fake YouTube page. The text is written in Italian, which when translated to English, says:

Unlock VIDEO
REGISTER FOR FREE to a deal below
Win great prizes
Fantastic discounted trips by 70%
Click and play it on facebook!
YOU MUST EMAIL TO CONFIRM THE `REAL DATA and insert

Clicking the link redirects the user to a legitimate travel website.