
Troj/Ifrin-A

Posted: April 11, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 61
First Seen: April 11, 2013
Last Seen: July 13, 2021
OS(es) Affected: Windows

Troj/Ifrin-A is a Web-based PC threat that disguises itself as a login window for your Postepay account (Postepay is a brand of prepaid card that's especially popular in Italy). Because a Troj/Ifrin-A attack begins with a Postepay-themed spam e-mail and actually does open the real Postepay website, a careless PC user can be tricked into believing that Troj/Ifrin-A is the real login window. Any account information that's entered into Troj/Ifrin-A's window is transferred, not to Postepay, but to criminals who use the information to hijack Postepay accounts. If you've made the mistake of opening Troj/Ifrin-A's e-mail attachment, SpywareRemove.com malware researchers consider updated anti-malware tools to be both the best way to block a Troj/Ifrin-A attack and the fastest way to remove Troj/Ifrin-A from your computer.

Why You Shouldn't Pay Troj/Ifrin-A Posthaste

Troj/Ifrin-A is one of the world's innumerable e-mail-distributed PC threats, with its current messages pretending to be notifications from the Postepay company. Troj/Ifrin-A's subject lines also imply that repeated contact has been attempted, with the underlying suggestion that, if you fail to respond to this attempt, your Postepay account may suffer some form of penalty. Troj/Ifrin-A's e-mail spam does not include any form of direct URL link, but, instead, includes an attached HTML file that SpywareRemove.com malware experts note serves essentially the same purpose as a link.

The file attachment, which is the actual Troj/Ifrin-A file, does, indeed, load the Postepay website, but with a crucial difference compared to a direct link. Troj/Ifrin-A also loads an iFrame injection attack: a fake Postepay login window that's superimposed over the legitimate web page. SpywareRemove.com malware experts warn that Troj/Ifrin-A's window is designed to look identical to a real Postepay login window and can easily lure PC users into entering their confidential information. This is a phishing attack that, when successful, gives criminals control over your Postepay account.

How to Keep Your Cash Cards from Postepay's Evil Clone

Troj/Ifrin-A's web content appears to be hosted on the hacked United Kingdom site of a pet supplies company, but, even if the compromised server is cleaned up, Troj/Ifrin-A most likely will find new servers in due time. SpywareRemove.com malware researchers also have some interest in the minor defense that Troj/Ifrin-A uses against anti-malware detection: a checksum-obfuscating segment of text that quotes Shakespeare, but doesn't display on the PC user's computer. Changing this filler changes the file's checksum without changing what the victim sees. Fortunately, since similar hash scramblers have been seen in heavy use by various types of PC threats for years, only the most basic of security programs should be fooled by this trick.
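The following scanner is an added example for mail-filter or triage use, not code from the original analysis or from any security product. It flags the externally hosted, positioned iFrame described above and shows why exact-checksum matching fails against the hidden filler while a hash of the rendered structure does not. It assumes the filler sits in an HTML comment or an element hidden with CSS or the `hidden` attribute (the page does not say how it is hidden); the `.example` hosts and both samples are constructed.

```python
import hashlib
import re
from html.parser import HTMLParser

HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OVERLAY = re.compile(r"position\s*:\s*(absolute|fixed)", re.I)
VOID = set("area base br col embed hr img input link meta source track wbr".split())

class AttachmentScanner(HTMLParser):
    """Records external iframes and a skeleton of what actually renders."""
    def __init__(self):
        super().__init__()
        self.iframes, self.skeleton, self._hidden = [], [], []
        self.hidden_chars = 0  # size of the non-rendered filler text

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        style, src = a.get("style", ""), a.get("src", "")
        if tag not in VOID:  # void elements never get an end tag
            self._hidden.append(any(self._hidden[-1:]) or "hidden" in a
                                or bool(HIDDEN.search(style)))
        if tag == "iframe" and re.match(r"(https?:)?//", src, re.I):
            self.iframes.append((src, bool(OVERLAY.search(style))))
        self.skeleton.append(f"<{tag} {src}>")

    def handle_endtag(self, tag):
        if tag not in VOID and self._hidden:
            self._hidden.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if any(self._hidden[-1:]):
            self.hidden_chars += len(text)  # counted, but kept out of the hash
        elif text:
            self.skeleton.append(text)

def scan(html):
    s = AttachmentScanner()
    s.feed(html)
    s.close()
    return {"raw_sha256": hashlib.sha256(html.encode()).hexdigest(),
            "normalized_sha256": hashlib.sha256("\n".join(s.skeleton).encode()).hexdigest(),
            "iframes": s.iframes, "hidden_chars": s.hidden_chars}

# Constructed samples: two mailings that differ only in hidden filler text.
TEMPLATE = ('<html><body><iframe src="https://bank.example/"></iframe><iframe '
            'src="https://compromised.example/login.html" style="position:absolute;'
            'top:80px"></iframe><div style="display:none">{}</div></body></html>')
SAMPLE_A = TEMPLATE.format("To be, or not to be: that is the question")
SAMPLE_B = TEMPLATE.format("The fair Ophelia! Nymph, in thy orisons")
```

`scan(SAMPLE_A)` and `scan(SAMPLE_B)` return different `raw_sha256` values but the same `normalized_sha256`, and both report an external iFrame with the overlay flag set. Filler moved into an HTML comment is dropped as well, because `HTMLParser` ignores comments unless `handle_comment` is overridden.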

Deleting Troj/Ifrin-A's file attachment without opening it will prevent Troj/Ifrin-A from being able to phish for your login details, and SpywareRemove.com malware experts always encourage scanning such suspicious files before you try to open them. If your Postepay information already has been stolen by Troj/Ifrin-A, you should contact Postepay and take actions to change your account password and any other relevant information.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: Cliente.html
Mime Type: unknown/html
Group: Malware file

Additional Information

The following messages were detected:
# Message
1 To be, or not to be: that is the question:
Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take arms against a sea of troubles, And by opposing end them? To die: to sleep; No more; and by a sleep to say we end The heart-ache and the thousand natural shocks That flesh is heir to, 'tis a consummation Devoutly to be wish'd. To die, to sleep; To sleep:
perchance to dream: ay, there's the rub; For in that sleep of death what dreams may come When we have shuffled off this mortal coil, Must give us pause: there's the respect That makes calamity of so long life; For who would bear the whips and scorns of time, The oppressor's wrong, the proud man's contumely, The pangs of despised love, the law's delay, The insolence of office and the spurns That patient merit of the unworthy takes, When he himself might his quietus make With a bare bodkin? who would fardels bear, To grunt and sweat under a weary life, But that the dread of something after death, The undiscover'd country from whose bourn No traveller returns, puzzles the will And makes us rather bear those ills we have Than fly to others that we know not of?
Thus conscience does make cowards of us all; And thus the native hue of resolution Is sicklied o'er with the pale cast of thought, And enterprises of great pith and moment With this regard their currents turn awry, And lose the name of action. - Soft you now!
The fair Ophelia! Nymph, in thy orisons
Be all my sins remember'd.
