Friday, April 20, 2012

Kaspersky warns of link-tracking "trojan", possibly recent


Today, on my Toshiba notebook computer, while I was testing it with my iPad hotspot, Kaspersky warned me about a potential torjan called “Trojan.JS.Frame.yi”, which I see that I documented here Feb. 22, 2012.  But it also tracked the item to “lynktracker.com/XrstX/public”.  Curiously, the incident happened only once, and while Kaspersky was updating its data file.  This could relate to a data signature not available until today.
Neither McAfee, Norton, nor Webroot/Sophos have returned similar results. 

However, the "trojan" may be what the older Webroot/Spysweeper application used to call a "tracking cookie" and would quarantine as such. Kaspersky would not let it "load". 

Google Safebrowsing has a seemingly self-contradictory report which says that Lynktracher has been always seen as safe, but today (April 20) detected suspicious activity and had “infected” 400+ domains, many of them on blogspot.  I have reason to believe that it could gave something to do with one particular third party gadget advertising  (clothing) fashions.   As a precaution, I removed this gadget today from one of my blogs that had it. 

The link is here. The contents of the report here could change quickly. The Safebrowsing report on "blogspot" itself is interesting, and blog names can be inserted into the search parameter. 

Lynktracker has a good reputation with “Webutation” here

McAfee also has a favorable report here. But the domain cannot be accessed directly (gives a "Forbidden"). 

It would seem likely that the item has to do with tracking consumer behavior for behavioral advertising, and could not run if a browser “do not track” option is turned on.  But behavioral tracking is not by itself defined as malicious.


No comments: