W32/Fujacks!htm

Type: Virus
SubType: Script
Discovery Date: 12/21/2006
Length: varies
Minimum DAT: 4924 (12/21/2006)
Updated DAT: 5268 (04/07/2008)
Minimum Engine: 5.1.00
Description Added: 12/21/2006
Description Modified: 05/09/2008 12:37 AM (PT)
Risk Assessment:
Corporate User: Low-Profiled
Home User: Low-Profiled

Characteristics

-- Update May 9, 2008 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://blog.wired.com/27bstroke6/2008/05/firefox-infects.html

-- Update May 9, 2008 --

The Vietnamese language pack for Firefox 2 was infected by the virus, and every help file (*.xhtml) in the package had a script appended that points to a remote website based in China. These modified files have been proactively detected and cleaned as the W32/Fujacks!htm virus since the 5174 DAT files (November 29th, 2007).

W32/Fujacks!htm is a detection for the following type of files infected with the parasitic W32/Fujacks virus:

- asp
- aspx
- htm
- html
- jsp
- php

When infected, these types of files act as a downloader when executed and download the W32/Fujacks virus.

Infected files are appended with an iframe with width=0 and height=0, so the user will not notice it. The iframe could also be used to point to a page serving exploits or ads. 

Symptoms

The computer may become slow and may occasionally reboot due to the infection of the executable files.
Files infected with W32/Fujacks!htm will have an iframe in the last line of the file.

Method of Infection

The W32/Fujacks virus searches the infected machine for the following file types to infect:

- asp
- aspx
- htm
- html
- jsp
- php

Infected files are appended with an iframe with width=0 and height=0, so the user will not notice it.
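
One way to check a directory tree for the symptom described above (an added example, not McAfee's detection logic): it flags files of the listed types whose last non-blank line contains an iframe with width=0 and height=0. Function names and the sample markup are constructed for illustration; zero sizes set through CSS are outside what it checks.

```python
import re
from pathlib import Path

# File types the description lists as infection targets.
TARGET_EXTS = {".asp", ".aspx", ".htm", ".html", ".jsp", ".php"}

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# Attribute value may be quoted or bare; "0", "0px" and "0%" all count as zero,
# while 00, 0.5 or 100 do not match.
ZERO_DIM = r"\b{name}\s*=\s*[\"']?0(?:px|%)?[\"']?(?=[\s>/]|$)"
WIDTH_RE = re.compile(ZERO_DIM.format(name="width"), re.IGNORECASE)
HEIGHT_RE = re.compile(ZERO_DIM.format(name="height"), re.IGNORECASE)


def trailing_hidden_iframes(text, tail_lines=1):
    """Return zero-size <iframe> tags found in the last non-blank line(s)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    tail = "\n".join(lines[-tail_lines:])
    return [tag for tag in IFRAME_RE.findall(tail)
            if WIDTH_RE.search(tag) and HEIGHT_RE.search(tag)]


def scan_tree(root):
    """Yield (path, tags) for listed file types that end in a hidden iframe."""
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in TARGET_EXTS:
            tags = trailing_hidden_iframes(path.read_text(errors="replace"))
            if tags:
                yield path, tags


# Constructed samples; example.invalid is a placeholder host, not an indicator.
CLEAN = ("<html><body><iframe src='map.html' width=600 height=400>"
         "</iframe></body></html>\n")
INFECTED = CLEAN + ('<iframe src="http://example.invalid/x.htm" '
                    'width=0 height=0></iframe>\n')

if __name__ == "__main__":
    import sys
    # Usage: python scan.py /path/to/webroot
    for path, tags in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {tags[-1]}")
```

A visible iframe earlier in the file is ignored; only the trailing line is inspected, matching the symptom as described.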

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

    N/A

Aliases

  • HTML/Xorer.DU (Fortinet)
  • HTML_AGENT.AFBL (Trend Micro)
  • Trojan.DL.Script.HTML.IeFrame.ab (Rising)
  • Trojan.HTML.Xorer.A (BitDefender)
  • Virus.Win32.Xorer.du (Kaspersky)
  • Virus:JS/Xorer.J (Microsoft)
  • W32/Xorer.T (Panda)
  • Win32.HLLP.Rox (Doctor Web)
  • Win32/Xorer.AW (ESET)
