My colleague, Takashi Katsuki, posted a blog that describes how Trojan.Farfli provides a service to affiliates, which allows them to increase the number of hits for an affiliate’s tracker. Recently I came across another Trojan, which provides such a service: Trojan.Trafbrush.
When Trojan.Trafbrush is executed, it drops several components and registers a browser helper object (BHO). It then downloads two configuration files from 1.mailhunt.cn. One of the files is config.ini, which contains display options of a...
