This HTML script is noteworthy as it uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed. Specifically, it makes use of the recent tsunami in Japan to trick users. It displays a video page with deceiving title. Once an unsuspecting user clicks on the said video, it plays a YouTube video. It then triggers an automatic Like on Facebook for malicious URLs and displays the link on the wall of the currently logged user.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This HTML script displays a video page with the title:
Vidéo exclusive de l'arrivée du Tsunami sur les cotes Japonaises:Voilà une vidéo du Tsunami du Japon du 11 Mars 2011 !!! A voir absolument.
Once an unsuspecting user clicks on the said video, it plays a YouTube video.
It then triggers an automatic Like on Facebook for a malicious URL and displays the link on the wall of the currently logged user.
This Trojan may be hosted on a website and run when a user accesses the said website.
File size: 12,325 bytes
File type: Script
Initial samples received date: 13 Mar 2011
Payload: Display a fake video page
Arrival Details
This Trojan may be hosted on a website and run when a user accesses the said website.
Other Details
This Trojan does the following:
- Displays a video page with the following title:
- Vidéo exclusive de l'arrivée du Tsunami sur les cotes Japonaises: Voilà une vidéo du Tsunami du Japon du 11 Mars 2011 !!! A voir absolument.
- Plays a YouTube video on the following link once unsuspecting users click the video:
- http://www.youtube.com/watch?v=zjnf_ROZyfY
- Triggers an automatic Like on Facebook for the following URLs and displays the link on the wall of the currently logged user:
- http://www.{BLOCKED}u.net/view.php?vid=Le-plus-gros-Tsunami-du-Japon-depuis-20-ans
- http://www.{BLOCKED}u.fr/view.php?vid=Le-plus-gros-Tsunami-du-Japon-depuis-20-ans
Connect with us on
| | | |