Content

JS/FakeAlert.dldr.a

Type
Trojan
SubType
JavaScript
Discovery Date
09/18/2009
Length
Varies
Minimum DAT
5745 (09/18/2009)
Updated DAT
5746 (09/19/2009)
Minimum Engine
5.3.00
Description Added
09/18/2009
Description Modified
09/18/2009 2:43 AM (PT)
Risk Assessment
Corporate User
Low-Profiled
Home User
Low-Profiled

Tab Navigation

Characteristics

---Update on September 18, 2009---
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.eweek.com/c/a/Security/Botnet-Discovered-as-Source-of-Click-Fraud-Surge-496555/?kc=rss
--

This is a detection for a javascript that contains code for performing fake online malware scan.

The following are some websites that host this Trojan:

  • antispywaretotalscan6.com

Once a user accessed the website hosting this trojan, it displays fake malware infection alert.

Then it performs fake malware scanning and shows report of infection.

The user is prompted to download "Total Security". The file downloaded is detected as FakeAlert-BF.dldr

Symptoms

Presence of downloaded file.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.

Removal

-

Variants

Variants

    N/A

All Information

Overview -

This is a detection for a trojan that displays misleading fake alerts to entice the user into buying a product to "repair" malware problems

Characteristics

Characteristics -

---Update on September 18, 2009---
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.eweek.com/c/a/Security/Botnet-Discovered-as-Source-of-Click-Fraud-Surge-496555/?kc=rss
--

This is a detection for a javascript that contains code for performing fake online malware scan.

The following are some websites that host this Trojan:

  • antispywaretotalscan6.com

Once a user accessed the website hosting this trojan, it displays fake malware infection alert.

Then it performs fake malware scanning and shows report of infection.

The user is prompted to download "Total Security". The file downloaded is detected as FakeAlert-BF.dldr

Symptoms

Symptoms -

Presence of downloaded file.

Method of Infection

Method of Infection -

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.

Removal -

Removal -

-

Variants

Variants -

    N/A