It usually arrives in the system as an obfuscated script that is injected into modified Web pages. When users visit a compromised Web site, Trojan:JS/Gamburl.gen!A may be executed, causing the browser to be redirected to a specific malicious Web site.
Trojan:JS/Gamburl.gen!A has been observed to redirect users to the following sites:
The above Web sites are known to contain malware, such as Backdoor:Win32/PcClient
. JS/Gamburl.gen!A then attempts to download these malware into the system. Note that the Web sites accessed by JS/Gamburl.gen!A and the malware that it attempts to download may change at any time.
Analysis by Jireh Sanico
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).