Analysis by: Erika Bianca Mendoza

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This JavaScript file links to a malicious URL hosting a fake video entitled "This is the best April Fools' prank ever!".

When the user attempts to play the video, the page prompts the user to log in. The login information entered is sent to a certain URL.

This Trojan executes when a user accesses certain websites where it is hosted.

  TECHNICAL DETAILS

File Size: 16634 bytes
File Type: JS
Initial Samples Received Date: 03 Apr 2011

Arrival Details

This Trojan executes when a user accesses certain websites where it is hosted.

NOTES:

This JavaScript file links to the following malicious URL, which hosts a fake video entitled "This is the best April Fools' prank ever!":

  • http://{BLOCKED}rfume.info/aprilprank/

When the user attempts to play the video, the page prompts the user to log in. The login information entered is sent to the URL below:

  • http://{BLOCKED}.{BLOCKED}.144.82/log.php?email={email}&pass={password}
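Detection example (added here, not part of the original analysis): the request shape described above, an e-mail address and a password passed as query-string parameters over plain HTTP to an IP-literal host, can be searched for in web proxy logs. The log format, the extra parameter names, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Assumed names: "email"/"pass" are from the URL on this page, the rest are common variants.
ID_KEYS = {"email", "user", "username", "login"}
SECRET_KEYS = {"pass", "password", "passwd", "pwd"}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(url):
    """Return None, or a finding for a request carrying credentials in its query string."""
    parts = urlsplit(url)
    keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    if not (ID_KEYS & keys and SECRET_KEYS & keys):
        return None
    host = parts.hostname or ""
    reasons = ["identity and password parameters in query string"]
    if parts.scheme == "http":
        reasons.append("cleartext HTTP")
    if is_ip_literal(host):
        reasons.append("IP-literal host")
    # Parameter values are deliberately left out of the finding so alerts hold no secrets.
    return {"host": host, "path": parts.path, "reasons": reasons,
            "severity": "high" if len(reasons) == 3 else "medium"}

def scan(log_lines):
    """Assumed (hypothetical) proxy log format: '<timestamp> <client> <method> <url>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        finding = classify(fields[3])
        if finding:
            hits.append({"client": fields[1], **finding})
    return hits

# Constructed sample lines; hosts use documentation ranges and example domains.
SAMPLE = [
    "2011-04-03T10:01:02Z 10.0.0.5 GET http://192.0.2.10/log.php?email=a%40example.com&pass=x",
    "2011-04-03T10:01:09Z 10.0.0.7 GET https://www.example.com/search?q=april+fools",
    "2011-04-03T10:02:30Z 10.0.0.9 GET https://login.example.org/auth?user=bob&pwd=x",
    "malformed line",
]
```

Calling `scan(SAMPLE)` returns two findings: the first sample line rated high (all three indicators present) and the third rated medium (credentials in the query string only).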