Home / malware Trojan:JS/Redirector.D
First posted on 23 January 2020.
Source: MicrosoftAliases :
Trojan:JS/Redirector.D is also known as Trojan-Clicker.HTML.IFrame.abn, JS/DwnLdr-HMX, Trojan.Script.7677, JS/Redirector.
Explanation :
JS/Redirector.D is detection for a JavaScript that calls decryption code used within an IFrame to decrypt a specifically obfuscated Javascript URL that typically is used to redirect users to websites other than they expected. The obfuscated Javascript may appear on a malicious Web site, or may be sent via an HTML-based e-mail message, or may be included as part of an exploit. InstallationThis Javascript does not install locally and is otherwise present as JavaScript within malicious Web pages. Payload Executes Script in IFrameWhen a Web page is viewed containing the malicious script, the JavaScript calls code that decrypts an encrypted string and writes it to the current document. The encrypted string is often a hyperlink to a site hosting additional malicious scripts. Analysis by Dan Kurc
Last update 23 January 2020