W32/Fujacks!htm
- Type: Virus
- SubType: Script
- Discovery Date: 12/21/2006
- Length: varies
- Minimum DAT: 4924 (12/21/2006)
- Updated DAT: 5500 (01/19/2009)
- Minimum Engine: 5.1.00
- Description Added: 12/21/2006
- Description Modified: 05/09/2008 12:37 AM (PT)
Risk Assessment
- Corporate User: Low-Profiled
- Home User: Low-Profiled
Characteristics
-- Update May 9, 2008 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://blog.wired.com/27bstroke6/2008/05/firefox-infects.html
-- Update May 9, 2008 --
The Vietnamese language pack for Firefox 2 was infected by the virus, and every help file (*.xhtml) in the package had a script appended that points to a remote website based in China. These modified files can be proactively detected and cleaned as the W32/Fujacks!htm virus since the 5174 DAT files (November 29th, 2007).
W32/Fujacks!htm is a detection for the following types of files infected with the parasitic W32/Fujacks virus:
- asp
- aspx
- htm
- html
- jsp
- php
When infected, these types of files act as a downloader when executed and download the W32/Fujacks virus.
Infected files are appended with an iframe with width=0 and height=0, so the user will not notice it. The iframe could also be used to point to a page serving exploits or ads.
Symptoms
The computer may become slow and may occasionally reboot due to the infection of the executable files.
Files infected with W32/Fujacks!htm have an iframe on their last line.
Method of Infection
The W32/Fujacks virus searches the infected machine for the following file types to infect:
- asp
- aspx
- htm
- html
- jsp
- php
Infected files are appended with an iframe with width=0 and height=0, so the user will not notice it.
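A defender's check for the symptom described above, as an added example that is not part of the original description: it walks a directory for the six listed file types and reports any file whose last non-blank line contains an iframe with width and height of 0. The function names, the sample markup and the `example.invalid` URL are constructed for illustration.

```python
import re
from pathlib import Path

# File types the description lists as infection targets.
TARGET_EXTS = {".asp", ".aspx", ".htm", ".html", ".jsp", ".php"}

IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.IGNORECASE)


def zero_attr(name: bytes) -> re.Pattern:
    # Matches name=0, name="0", name='0' and name=0px, but not name=100.
    return re.compile(rb"\b" + name + rb"\s*=\s*[\"']?0(?:px)?[\"'\s>/]", re.IGNORECASE)


WIDTH0, HEIGHT0 = zero_attr(b"width"), zero_attr(b"height")

# Constructed samples: a normal page, and the same page with a zero-size
# iframe appended as its last line (the URL is a placeholder).
CLEAN = b"<html><body>\n<iframe src='/map' width=300 height=200></iframe>\n</body></html>\n"
INFECTED = CLEAN + b'<iframe src="http://example.invalid/x" width=0 height=0></iframe>\n'


def hidden_iframes(data: bytes) -> list[str]:
    """Return zero-size iframe tags found on the last non-blank line."""
    lines = [ln for ln in data.splitlines() if ln.strip()]
    if not lines:
        return []
    return [m.group(0).decode("latin-1")
            for m in IFRAME_RE.finditer(lines[-1])
            if WIDTH0.search(m.group(0)) and HEIGHT0.search(m.group(0))]


def scan_tree(root, exts=TARGET_EXTS) -> dict[str, list[str]]:
    """Map each matching file under root to the suspicious tags it ends with."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            found = hidden_iframes(path.read_bytes())
            if found:
                hits[str(path)] = found
    return hits


if __name__ == "__main__":
    import sys
    for name, tags in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, *tags, sep="\n    ")
```

A hit is a lead for review rather than a verdict: legitimate pages sometimes embed zero-size frames, and frames hidden through CSS are not matched by this check.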
Removal
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Variants
N/A
Aliases
- HTML/Xorer.DU (Fortinet)
- HTML_AGENT.AFBL (Trend Micro)
- Trojan.DL.Script.HTML.IeFrame.ab (Rising)
- Trojan.HTML.Xorer.A (BitDefender)
- Virus.Win32.Xorer.du (Kaspersky)
- Virus:JS/Xorer.J (Microsoft)
- W32/Xorer.T (Panda)
- Win32.HLLP.Rox (Doctor Web)
- Win32/Xorer.AW (ESET)