Trojan:JS/Iframeinject.A

Trojan:JS/Iframeinject.A is a trojan that injects Iframes, containing additional malicious code, into Web pages dynamically as they are viewed. This trojan resides on compromised Web servers.

Trojan:JS/Iframeinject.A is encountered when a user visits a compromised Web page. 

 

When a user views a page containing the trojan JavaScript, it executes and checks for an infection marker in the local cookie file for the current Web page. If it does not locate the marker, the script injects an Iframe into the currently viewed Web page that contains a link to a remote Web site for the file 'q.htm'. This file is detected as Exploit:JS/Mult.L.

 

Exploit:JS/Mult.L contains code that attempts to exploit particular vulnerabilities in order to download and execute malicious files.

 

JS/Iframeinject.A may track "infection counts", or script execution counts by injecting additional JavaScript that executes a Web counter.

At the time of publishing, 'q.htm' (detected as Exploit:JS/Mult.L) was no longer available.