1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Trojan.Iframe.BMY

Trojan.Iframe.BMY

Detections:Trojan.Iframe.BMY, Trojan.Iframe.BZW, Trojan.JS.Iframe.CVT
Category:Malware
Type:Trojan
Platform:W32

Summary

Trojan.Iframe.BMY (and the similar Trojan.JS.Iframe.CVT and Trojan.Iframe.BZW detections) identify webpages that contain a suspicious hidden iframe appended to the end of their HTML code.

Disinfection

Site owners who encounter these detections on their webpages should investigate the possibility that their site has been compromised.

If the iframe was not an authorized addition, the affected webpages should be updated to remove the suspect code.

Additional Details

The suspect iframe appended to the HTML code contains either:

  • A link to a website hosting a PHP script named "counter[space inserted].php", or
  • The iframe name 'Twitter' and a link to a HTML page located at a random web address

In the event that the link or PHP file referred to in the iframe is in fact legitimate, please submit the relevant details (and a copy of the PHP file) to our Labs via the Sample Analysis System (SAS) to check as a False Positive.