Home / malwarePDF  

Trojan:JS/Redirector.JE


First posted on 21 April 2012.
Source: Microsoft

Aliases :

Trojan:JS/Redirector.JE is also known as Trojan-Downloader.JS.Iframe.cwd (Kaspersky), HTML/Framer (AVG), HTML/IFrame.agp (Avira), Exploit.JS.Blacole (Ikarus), JS/Exploit-Blacole.s (McAfee).

Explanation :

Trojan:JS/Redirector.JE is a JavaScript that adds a hidden IFrame that points to other malware distributed via Blackhole kit servers. It may be embedded in an HTML file, which had been modified without the owner's knowledge. Hence it might be present in otherwise legitimate webpages.


Top

Trojan:JS/Redirector.JE is a JavaScript that adds a hidden IFrame that points to other malware distributed via Blackhole kit servers. It may be embedded in an HTML file, which had been modified without the owner's knowledge. Hence it might be present in otherwise legitimate webpages.

Some of the URLs the IFrame points to include the following:

  • aliy9423.no-ip.org/<removed>go=2
  • gigateria.in/<removed>.cgi?7
  • grmanematibeeal.in/main.php?page=<removed>
  • tds38.findhere.org/stds/<removed>.php?sid=1
  • tds41.bestdeals.at/stds/<removed>.php?sid=1




Analysis by Wei Li

Last update 21 April 2012

 

TOP