Trojan:JS/IframeRef.I

Trojan:JS/IframeRef.I is a malicious JavaScript file that is embedded, via an iFrame, into malicious or compromised webpages. The purpose of the file is to redirect your browser to other sites that may download malware onto your computer, often by exploiting software vulnerabilities.

Make sure you install all available updates for your computer to help prevent the downloading of additional malware. For more information on updating software, including Java, Adobe and Microsoft products, please see the Additional information section in this entry.

Trojan:JS/IframeRef.I is a member of the Trojan:JS/IframeRef family.

To avoid detection, the iFrame may be only one pixel in size.

Installation

When you visit a website that contains Trojan:JS/IframeRef.I, your browser is redirected to another website that may download malware onto your computer. The malware could be any of the attacker's choice, and is typically downloaded onto your computer by exploiting software vulnerabilities.

Payload

Redirects webpages

In the wild, we have observed Trojan:JS/IframeRef.I redirecting Internet browsers to possibly malicious URLs in the following format:

<domain name>.ru:8080/forum/links/column.php

Additional information

Software vulnerabilities are fixed through the application of updates or patches from the software manufacturer.

The best way to protect your computer from exploits is to ensure that the versions of your software are up-to-date. Follow these links for more information on updating software that is commonly targeted by malware:

• Microsoft Malware Protection Center - Updating Software
• Java updates
• Adobe updates (Acrobat, Reader, Flash, Shockwave)
• Microsoft updates via the Microsoft Update tool (including Windows, Office, and Internet Explorer)

Related encyclopedia entries

Trojan:JS/IframeRef

Analysis by Mihai Calota