Mal/JSRedir-M
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 90 % (High) |
| Infected Computers: | 13 |
| First Seen: | October 29, 2012 |
| Last Seen: | July 8, 2022 |
| OS(es) Affected: | Windows |
Mal/JSRedir-M is one of the many known spam email message attachments that are included in corrupted emails that entice computer users into opening a link to the Black Hole Exploit Kit. In the case of the Mal/JSRedir-M compromised email attachment, Mal/JSRedir-M uses a message that claims to contain information about photos that the victim would have supposedly been interested in. Like most spam email messages that carry out similar attacks, the Mal/JSRedir-M uses a corrupted attachment that computer users are directed to open in their Web browser.
Table of Contents
How the Mal/JSRedir-M Attack Works
Opening the attached file leads the victim to a website that is hosted on a Russian server. This is an attack website that will use the BlackHole Exploit Kit to look for a vulnerability in the infected computer's security and then will try to exploit this vulnerability to install threats on the infected computer. This tactic will use an email message that appears to have been sent by a LinkedIn contact. Mal/JSRedir-M will typically be attached in the form of an HTM file attachment with a name such as Image_DIG, followed by a random number and the HTM extension. If this harmful email attachment is opened, the victim will be sent to a website with a message asking the victim to wait. In the background, Mal/JSRedir-M, a JavaScript Trojan, is actually redirecting the victim to a website that makes use of the BlackHole Exploit Kit to take advantage of the victim's computer.
Why Mal/JSRedir-M and Other Browser Hijackers are Becoming Increasingly Common
Only a few years ago, the BlackHole Exploit Kit was a top of the line hacking tool to which only a few computer criminals had access. In fact, this threatening hacking tool was considerably expensive, and attacks involving this harmful exploit kit would have often required considerable financial backing and the help of a criminal with substantial computer knowledge. Unfortunately, a couple of years ago the BlackHole exploit kit was released in underground file sharing networks, meaning that even low level computer criminals gained access to this threatening hacking tool. This has meant that in 2011 and 2012 there have been a marked rise in attacks similar to the Mal/JSRedir-M JavaScript Trojan. These kinds of browser hijackers will typically use heavily obfuscated Java scripts in order to force computer users to visit attack websites. Security researchers have observed variants of Mal/JSRedir-M contained in social media messages, corrupted email attachments and embedded links in spam email.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | Image_DIG[RANDOM NUMBER].htm |
Messages
The following messages associated with Mal/JSRedir-M were found:
|
Please wait a moment. You will be forwarded..
Internet Explorer or Mozilla Firefox compatible only |
|
Subject: Your Photos
Message body: Hi, I have attached your photos to the mail (Open with Internet Explorer) |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.