Virus : W32/Fujacks!htm

**Anilrgowda** · 22-Jan-2007, 09:48 AM

Virus Profile: W32/Fujacks!htm

Risk Assessment - Home Users: Low - Corporate Users: Low Date Discovered: 12/21/2006 Date Added: 12/21/2006 Origin: N/A Length: variable length Type: Virus SubType: Win32 DAT Required: 4924 Virus Characteristics

These type of infected files:
- htm
- html
- asp
- php
- jsp
- aspx

When executed by a browser, will download in background a variant of W32/Fujacks parasitic virus, which will infect the following files:
- EXE
- SCR
- PIF
- COM

and the already cited types above.
When infecting the html,htm,asp,php,jsp and aspx files, it will append an iframe with width=0 and height=0, so the user will not notice it.
Indications of Infection

The computer may become slow and may occasionally reboot due the infection of the executable files.
For the W32/Fujacks!htm infected files, they will have an iframe in the last line of the files.
Method of Infection

The W32/Fujacks virus will search several different vectors to find these type of files:
- htm
- html
- asp
- php
- jsp
- aspx
- EXE
- SCR
- PIF
- COM

So it can infect them.

Removal Instructions

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Additional Windows ME/XP removal considerations

22-Jan-2007, 09:48 AM	#1 (permalink)
Anilrgowda Administrator Posts: 18,715 Join Date: Jan 2006 Rep Power: 10 IM:	Virus : W32/Fujacks!htm Virus Profile: W32/Fujacks!htm Risk Assessment - Home Users: Low - Corporate Users: Low Date Discovered: 12/21/2006 Date Added: 12/21/2006 Origin: N/A Length: variable length Type: Virus SubType: Win32 DAT Required: 4924 Virus Characteristics These type of infected files: - htm - html - asp - php - jsp - aspx When executed by a browser, will download in background a variant of W32/Fujacks parasitic virus, which will infect the following files: - EXE - SCR - PIF - COM and the already cited types above. When infecting the html,htm,asp,php,jsp and aspx files, it will append an iframe with width=0 and height=0, so the user will not notice it. Indications of Infection The computer may become slow and may occasionally reboot due the infection of the executable files. For the W32/Fujacks!htm infected files, they will have an iframe in the last line of the files. Method of Infection The W32/Fujacks virus will search several different vectors to find these type of files: - htm - html - asp - php - jsp - aspx - EXE - SCR - PIF - COM So it can infect them. Removal Instructions A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files. Additional Windows ME/XP removal considerations

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)