This JavaScript (JS) Trojan uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
File size: 1,623 bytes
File type: Script
Initial samples received date: 10 Mar 2011
Payload: Connects to URLs/Ips, Displays a pop-up window
Arrival Details
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
It may be unknowingly downloaded by a user while visiting the following malicious websites:
- http://{BLOCKED}gidiopinione.com/scommessa
NOTES:
This JavaScript (JS) file contains an iframe tag that redirects users to the following Web page:
- http://{BLOCKED}gidiopinione.com/scommessa/cippattina20.php
The said page displays the following fake YouTube page:
Clicking the supposed video opens a pop-up window that prompts the user to share the video on Facebook:
This script also instructs the user to click the image on the said fake YouTube page. The text is written in Italian, which when translated to English, says:
Unlock VIDEO
REGISTER FOR FREE to a deal below
Win great prizes
Fantastic discounted trips by 70%
Click and play it on facebook!
YOU MUST EMAIL TO CONFIRM THE `REAL DATA and insert
Clicking the link redirects the user to a legitimate travel website.
Connect with us on
| | | |