Home / malwarePDF  

Trojan:JS/Redirector.DO


First posted on 20 July 2010.
Source: SecurityHome

Aliases :

Trojan:JS/Redirector.DO is also known as JS/Redir.BL (Authentium (Command)), Trojan-Downloader.JS.Pegel.g (Kaspersky), JS.Redirector.Gen.8 (VirusBuster), JS/Obfuscated (AVG), JS/Redirector.2259 (Avira), JS/Redirector.E (CA), JS.Redirector.64 (Dr.Web), JS/TrojanDownloader.Pegel.BR (ESET), Trojan-Downloader.JS.Pegel (Ikarus), JS/Obfuscated.c (McAfee), Troj/JSRedir-BO (Sophos), Trojan.JS.Redirector.bg (Sunbelt Software), Trojan.Malscript!html (Symantec), JS_PEGEL.C (Trend Micro).

Explanation :

Trojan:JS/Redirector.DO is a detection for web pages that redirect the browser to a different website.
Top

Trojan:JS/Redirector.DO is a detection for web pages that redirect the browser to a different website. The content of a page that Trojan:JS/Redirector.DO redirects to is obfuscated in an attempt to make it appear as if nothing malicious is happening. For instance, Trojan:JS/Redirector.DO redirects the browser to the website "whhothatgirl-kiev-ua.1gb.ua/z.html", which is obfuscated as "hytjtQpj:y/H/HwHh,hQo,tHh,a,tQgHiQr,lQ-ykHije,vQ-QuyaQ.y1,gjb,.yuQa,/yzy.,hjt,m,ly".

Analysis by Dan Nicolescu

Last update 20 July 2010

 

TOP