
Trojan:JS/Redirector.BF


First posted on 08 February 2010.
Source: SecurityHome

Aliases :

Trojan:JS/Redirector.BF is also known as JS/Redir.AH (Authentium (Command)), Trojan-Downloader.JS.Pegel.e (Kaspersky), JS.Redirector.Gen (VirusBuster), JS/Obfuscated (AVG), Trojan.JS.QAZ (BitDefender), JS.Click.61 (Dr.Web), JS/TrojanDownloader.Agent.NRL (ESET), Trojan-Downloader.JS.Agent (Ikarus), JS/Redirector.E (McAfee), Troj/JSRedir-AK (Sophos), Trojan.JS.Redirector.bg (Sunbelt Software), Trojan.Malscript.B (Symantec), JS_ONLOAD.SMF (Trend Micro).

Explanation :

Trojan:JS/Redirector.BF is the detection for certain JavaScript contained within Web pages. This JavaScript trojan may be present in a malicious Web site, and may redirect users to Web sites other than expected. It is also possible for an attacker to craft HTML-based e-mail messages containing the script.

Trojan:JS/Redirector.BF generates dynamic JavaScript code that redirects the user to other Web sites. The destination Web page of the redirect may contain specially formed IFrame tags that point to yet other remote Web sites containing malicious content, for example an exploit for a specific vulnerability. In the wild, Trojan:JS/Redirector.BF has been observed to redirect the browser to one of the following pages:

livejournal-com.qip.ru.6-cn.theaworld.ru:8080/rapid4me.com/rapid4me.com/orbitdownloader.com/clickbank.com/google.com/

xnxx-com.nu.nl.w3-org.goldgolfbag.ru:8080/weebly.com/weebly.com/laredoute.fr/google.com/rincondelvago.com/

sciencedirect-com.lequipe.fr.gamestop-com.superore.ru:8080/verycd.com/verycd.com/google.com/zaobao.com/rakuten.co.jp/
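The listed destinations share a recognisable shape: port 8080, host labels that embed another site's name with a hyphen in place of the dot, and a path made up only of domain names. The following is an added example, not part of the original write-up or any vendor signature, showing a triage heuristic for proxy or web-gateway logs; the function names, regular expressions and two-trait threshold are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Traits below are read off the URLs listed above; the patterns and the
# two-trait threshold are assumptions of this example, not a vendor signature.
DOMAIN_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")
# Host label that embeds another site's name with its dot turned into a hyphen.
EMBEDDED_SITE = re.compile(r"^[a-z0-9]+-(com|org|net)$")


def redirector_traits(url):
    """Return the set of URL-shape traits that `url` shares with the listed pages."""
    if "://" not in url:
        url = "http://" + url  # the page lists its URLs without a scheme
    parts = urlsplit(url.lower())
    traits = set()
    try:
        if parts.port == 8080:
            traits.add("port-8080")
    except ValueError:  # malformed port in a log line: no port trait
        pass
    labels = (parts.hostname or "").split(".")
    if any(EMBEDDED_SITE.match(label) for label in labels[:-2]):
        traits.add("embedded-site-label")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) >= 3 and all(DOMAIN_LIKE.match(s) for s in segments):
        traits.add("domain-name-path")
    return traits


def triage(urls, minimum=2):
    """Return the URLs showing at least `minimum` traits, in input order."""
    return [u for u in urls if len(redirector_traits(u)) >= minimum]


SAMPLE = [
    # Two of the URLs listed on this page.
    "livejournal-com.qip.ru.6-cn.theaworld.ru:8080/rapid4me.com/rapid4me.com/orbitdownloader.com/clickbank.com/google.com/",
    "sciencedirect-com.lequipe.fr.gamestop-com.superore.ru:8080/verycd.com/verycd.com/google.com/zaobao.com/rakuten.co.jp/",
    # Constructed benign URLs for contrast.
    "https://www.example.com/docs/index.html",
    "http://intranet.example.org:8080/app/login",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(sorted(redirector_traits(hit)), hit)
```

Requiring two traits keeps an ordinary service on port 8080 from being flagged on its own; hits are leads for review, not verdicts.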

Analysis by Rodel Finones

Last update 08 February 2010

 
