
Trojan:JS/Tadtruss.A


First posted on 29 December 2011.
Source: Microsoft

Aliases :

Trojan:JS/Tadtruss.A is also known as Trojan.JS.Redirector.bg (Kaspersky), JS/Redir.FY (Norman).

Explanation :

Trojan:JS/Tadtruss.A is a trojan JavaScript that redirects a web browser to another site. In the wild, this trojan was observed to redirect users to sites that distribute other malware.

Installation
This trojan has been observed to be installed on compromised servers. The malicious JavaScript is commonly installed by a remote attacker by using an attack method such as SQL injection.

Payload
Redirects web browser traffic
When a user visits the compromised site using a web browser and opens the malicious script, the browser is redirected to another site that could result in downloading and executing other malware, or the display of unwanted content. In the wild, this trojan JavaScript was observed to redirect browsers to any of the following domains for this purpose:

Additional information
This malware may be installed collectively with other malware, such as variants of the "Blackhole" exploit, on a compromised server.

Analysis by Ric Robielos

Last update 29 December 2011