
Trojan:JS/Redirector.JI


First posted on 16 May 2012.
Source: Microsoft

Aliases:

Trojan:JS/Redirector.JI is also known as Trojan-Downloader.JS.DarDuk.kt (Kaspersky), JS/Dldr.Agent.AX.36 (Avira), JS:Trojan.JS.Agent.BT (BitDefender), JS.Redirector.114 (Dr.Web), JS/Agent.NEN trojan (ESET), JS/Exploit-Blacole.am (McAfee), Troj/JSRedir-FV (Sophos).

Explanation:



Trojan:JS/Redirector.JI is the detection for obfuscated JavaScript contained within webpages. It is usually found at the end of the webpage.



Installation

Trojan:JS/Redirector.JI may be added to legitimate webpages through malicious means, or may be in websites specially crafted for malicious purposes.



Payload

Redirects web browser

In the wild, Trojan:JS/Redirector.JI has been observed to redirect the browser to any of the following URLs:





Analysis by Hyun Choi

Last update 16 May 2012

 
