If the browser visits a webpage infected with Trojan:JS/Alescurf.C, it is redirected to a webpage in a remote server that may have malicious content. In the wild, it is known to redirect to the IP address91.<removed>.216.64.
It collects the following information about the computer and passes them on to the remote server:
- Color depth
- Screen width and height
- Character set
- User agent
Analysis by Daniel Chipiristeanu
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.