UPDATE: Trojan still being served as of August 24, 2008
Lucky for me Windows OneCare stopped any infection or issues.
Early yesterday morning I was browsing shoutwire.com and OneCare notified me of two Trojan JavaScript's that tried to run. I closed the browser, let OneCare clean them and didn't think a lot about it. (See OneCare is good for something after all).
Well this morning I went back to see if it was just a fluke but it wasn't, and got hit again with the two Trojans. Cleaned them off once again.
I imagine it is probably from banner ads being served on shoutwire and not the site itself, seeing as there have been a lot of news lately about nefarious ad scripts.
If you have been to shoutwire.com in at least the last 48 hours then you might want to give your PC a scan to make sure these two Trojans didn't infect your system.
Trojan: JS/Redirector.N and Trojan: JS/Aseljo.K are the culprits.
I guess I won't be going back to ShoutWire for a while...
UPDATE 7/19/2008 - It appears that the folks at Shoutwire.com have fixed or removed whatever was serving up the nasty Trojan JavaScripts.
UPDATE 7/23/2008 - The Trojan is back on Shoutwire
------------------------------
Windows OneCare Live Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows OneCare Live can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Redirector.N&threatid=2147607558
Scan ID: {549555C1-09A0-46C7-BFB2-2D1B2755D922}
Agent: On Access
User: ALLENP650\Allen
Name: Trojan:JS/Redirector.N
ID: 2147607558
Severity: Severe
Category: Trojan
Path Found: file:C:\Documents and Settings\Allen\Local Settings\Temporary Internet Files\Content.IE5\COJ5231H\ngg[1].js
Alert Type:
Process Name: C:\Program Files\Internet Explorer\iexplore.exe
Detection Type: Concrete
Status: Suspend
---
Windows OneCare Live Real-Time Protection agent has taken action to protect this machine from spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Aseljo.K&threatid=2147609005
Scan ID: {9C763DA3-AF5A-4A02-B81B-B4974E9234E7}
User: ALLENP650\Allen
Name: Trojan:JS/Aseljo.K
ID: 2147609005
Severity: Severe
Category: Trojan
Alert Type:
Action: Remove
-------------------------------
Trojan:JS/Redirector.N
Summary
Trojan:JS/Redirector.N is detection for specific JavaScript contained within Web pages. This JavaScript trojan may be injected into an HTML page via an SQL injection attack, or may be present on a malicious Web site, and may redirect users to Web sites other than expected. It is also possible for an attacker to craft HTML-based e-mail messages containing the script.
Symptoms
There are no common symptoms associated with this threat - links are activated within IFrames while viewing Web content on maliciously modified pages. Alert notifications from installed Antivirus software may be the only symptom(s).
----
Trojan:JS/Aseljo.K
This software threat is detected by the Microsoft antivirus engine. Technical details are not currently available for this threat.
Share, Bookmark or Email