Home / malware Trojan:JS/Redirector.JE
First posted on 21 April 2012.
Source: MicrosoftAliases :
Trojan:JS/Redirector.JE is also known as Trojan-Downloader.JS.Iframe.cwd (Kaspersky), HTML/Framer (AVG), HTML/IFrame.agp (Avira), Exploit.JS.Blacole (Ikarus), JS/Exploit-Blacole.s (McAfee).
Explanation :
Trojan:JS/Redirector.JE is a JavaScript that adds a hidden IFrame that points to other malware distributed via Blackhole kit servers. It may be embedded in an HTML file, which had been modified without the owner's knowledge. Hence it might be present in otherwise legitimate webpages.
Top
Trojan:JS/Redirector.JE is a JavaScript that adds a hidden IFrame that points to other malware distributed via Blackhole kit servers. It may be embedded in an HTML file, which had been modified without the owner's knowledge. Hence it might be present in otherwise legitimate webpages.
Some of the URLs the IFrame points to include the following:
- aliy9423.no-ip.org/<removed>go=2
- gigateria.in/<removed>.cgi?7
- grmanematibeeal.in/main.php?page=<removed>
- tds38.findhere.org/stds/<removed>.php?sid=1
- tds41.bestdeals.at/stds/<removed>.php?sid=1
Analysis by Wei Li
Last update 21 April 2012
