JS/Febipos [Threat Name] go to Threat

JS/Febipos.A [Threat Variant Name]

Category trojan
Size 120192 B
Detection created May 14, 2013
Detection database version 8331
Aliases JS/Febipos.H.9 (Avira)
Short description

JS/Febipos.A is a trojan that can interfere with the operation of certain applications. The file is run-time compressed using RAR .

Installation

When executed, the trojan creates the following files:

  • %currentfolder%\­chrome.manifest (173 B)
  • %currentfolder%\­icon.png (9055 B)
  • %currentfolder%\­icon128.png (9055 B)
  • %currentfolder%\­icon16.png (990 B)
  • %currentfolder%\­icon48.png (2031 B)
  • %currentfolder%\­manifest.json (878 B)
  • %currentfolder%\­routine.js (109043 B, JS/Febipos.A)
  • %currentfolder%\­unins.js (1064 B, JS/Febipos.A)

The trojan is a malicious Google Chrome, Mozilla Firefox extension/plugin.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (12) URLs. The HTTP protocol is used.


It can execute the following operations:

  • modify the content of websites
  • update itself to a newer version
  • post messages on social networks
  • create comments on social networks
  • invite users of social networks to events
  • join events on social networks
  • create posts on social networks
  • tag users in posts on social networks
  • invite social networks users into groups
  • share posts on social networks
  • "like" posts on social networks
  • "like" pages on social networks
  • "follow" users/posts on social networks
  • various file system operations

The following social networking sites are affected:

  • Facebook
  • Google+
  • Twitter

Please enable Javascript to ensure correct displaying of this content and refresh this page.