Follow:

 

TrojanClicker:HTML/Iframe.J


TrojanClicker:HTML/Iframe.J is the detection for a script that modifies HTML within a client Web browser to include IFrame content in a compromised Web page. The trojan HTML file redirects the Web browser to sites located on other domains.


What to do now

Manual removal is not recommended for this threat. Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Threat behavior

TrojanClicker:HTML/Iframe.J is the detection for a script that modifies HTML within a client Web browser to include IFrame content in a compromised Web page. The trojan HTML file redirects the Web browser to sites located on other domains.
 
If a web page containing this script is viewed in the Web browser, it will redirect the browser, through a remote script "include" or an IFrame, to a file located on the domain "itsallbreaksoft.net".
 
The purpose of the script appears to be to direct traffic to gain commissions, rather than exploit the browser.
Additional Information
The malicious script may be found within Web pages on servers that have been compromised by SQL injection attacks. In February 2010, many WordPress blogs were compromised to include this script.
 
Analysis by Chris Stubbs

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.81.1685.0
Latest detected by definition: 1.81.1748.0 and higher
First detected on: May 14, 2010
This entry was first published on: May 25, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • JS/Downloader.Agent (AVG)
  • JS/Crypt.o (Avira)
  • Trojan.JS.Iframe.AED (BitDefender)
  • JS/Psyme.AF (CA)
  • VBS.Psyme.377 (Dr.Web)
  • JS/Agent.NCA (ESET)
  • Trojan-Downloader.JS.Inor (Ikarus)
  • Trojan-Clicker.JS.Agent.ma (Kaspersky)
  • JS/Wonka (McAfee)
  • Trojan.Clicker.Script.JS.Wonka.a (Rising AV)
  • Mal/FunDF-A (Sophos)