
Trojan:SWF/Redirector.H


First posted on 13 September 2011.
Source: SecurityHome

Aliases :

There are no other names known for Trojan:SWF/Redirector.H.

Explanation :

Trojan:SWF/Redirector.H is a Shockwave file that contains specially-formed IFrame tags that point to websites containing malicious content, for example JavaScript containing an exploit for a specific vulnerability. The vulnerability being exploited may vary.



Files detected as Trojan:SWF/Redirector.H redirect browsers to the following webpages containing possibly malicious content:





Analysis by Ric Robielos

Last update 13 September 2011

 
