Trojan:JS/Redirector.JL


First posted on 28 February 2013.
Source: Microsoft

Aliases:

Trojan:JS/Redirector.JL is also known as HTML/ScrInject.B.Gen (ESET), JS/Redirector.JL.1 (Avira), Troj/JSRedir-GW (Sophos), Trojan.JS.Redirector (Ikarus), JS/Redir (AVG).

Explanation:



Installation

Trojan:JS/Redirector.JL may be detected on your computer if you visit a malicious or compromised webpage.

The trojan is JavaScript code that may be injected into malicious or compromised webpages via SQL injection.



Payload

If you visit a webpage that contains Trojan:JS/Redirector.JL, your browser may be redirected to a malicious website. Your browser may continue to be redirected multiple times.

These malicious websites may contain other malware, including rogues and exploits.

In the wild, we have observed this trojan redirecting web browsers to a number of URLs, including the following:

  • fgthyj.com/<removed>.php
  • hgbyju.com/<removed>.php
  • hnjhkm.com/<removed>.php
  • nikjju.com/<removed>.php
  • nmmkmm.com/<removed>.php
  • statsmy.com/<removed>.php
  • stmyst.com/<removed>.php


Note that this list is not exhaustive.
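
For site owners checking whether their own pages have been injected, the following is an added example (not part of the original description and not Microsoft's detection logic). It scans stored HTML for script or frame sources, or inline script text, that reference the domains listed above. It assumes the injected content names one of those domains in clear text; the function and class names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains listed in this description (the list is not exhaustive).
REDIRECT_DOMAINS = {
    "fgthyj.com", "hgbyju.com", "hnjhkm.com", "nikjju.com",
    "nmmkmm.com", "statsmy.com", "stmyst.com",
}

def listed_domain(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    host = (host or "").lower().rstrip(".")
    for domain in REDIRECT_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

class InjectionFinder(HTMLParser):
    """Collects (tag, location, domain) for every reference to a listed domain."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            if name != "src" or not value:
                continue
            try:  # urlsplit also resolves protocol-relative URLs (//host/path)
                host = urlsplit(value.strip()).hostname
            except ValueError:
                continue
            if listed_domain(host):
                self.hits.append((tag, "src", listed_domain(host)))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # inline script body: look for host-like tokens
            for token in re.findall(r"[a-z0-9.-]+\.[a-z]{2,}", data.lower()):
                if listed_domain(token):
                    self.hits.append(("script", "inline", listed_domain(token)))

def scan(html):
    """Return all hits found in one HTML string (e.g. a CMS database field)."""
    finder = InjectionFinder()
    finder.feed(html)
    finder.close()
    return finder.hits
```

Because the infection vector is SQL injection, run `scan` over text columns in the site's database as well as rendered pages; a clean result only means none of the listed domains was found.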



Analysis by Karthik Selvaraj

Last update 28 February 2013
