Threat Database Trojans Mal/JSRedir-M


By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 13
First Seen: October 29, 2012
Last Seen: July 8, 2022
OS(es) Affected: Windows

Mal/JSRedir-M is one of the many known spam email message attachments that are included in corrupted emails that entice computer users into opening a link to the Black Hole Exploit Kit. In the case of the Mal/JSRedir-M compromised email attachment, Mal/JSRedir-M uses a message that claims to contain information about photos that the victim would have supposedly been interested in. Like most spam email messages that carry out similar attacks, the Mal/JSRedir-M uses a corrupted attachment that computer users are directed to open in their Web browser.

How the Mal/JSRedir-M Attack Works

Opening the attached file leads the victim to a website that is hosted on a Russian server. This is an attack website that will use the BlackHole Exploit Kit to look for a vulnerability in the infected computer's security and then will try to exploit this vulnerability to install threats on the infected computer. This tactic will use an email message that appears to have been sent by a LinkedIn contact. Mal/JSRedir-M will typically be attached in the form of an HTM file attachment with a name such as Image_DIG, followed by a random number and the HTM extension. If this harmful email attachment is opened, the victim will be sent to a website with a message asking the victim to wait. In the background, Mal/JSRedir-M, a JavaScript Trojan, is actually redirecting the victim to a website that makes use of the BlackHole Exploit Kit to take advantage of the victim's computer.

Why Mal/JSRedir-M and Other Browser Hijackers are Becoming Increasingly Common

Only a few years ago, the BlackHole Exploit Kit was a top of the line hacking tool to which only a few computer criminals had access. In fact, this threatening hacking tool was considerably expensive, and attacks involving this harmful exploit kit would have often required considerable financial backing and the help of a criminal with substantial computer knowledge. Unfortunately, a couple of years ago the BlackHole exploit kit was released in underground file sharing networks, meaning that even low level computer criminals gained access to this threatening hacking tool. This has meant that in 2011 and 2012 there have been a marked rise in attacks similar to the Mal/JSRedir-M JavaScript Trojan. These kinds of browser hijackers will typically use heavily obfuscated Java scripts in order to force computer users to visit attack websites. Security researchers have observed variants of Mal/JSRedir-M contained in social media messages, corrupted email attachments and embedded links in spam email.

File System Details

Mal/JSRedir-M may create the following file(s):
# File Name Detections


The following messages associated with Mal/JSRedir-M were found:

Please wait a moment. You will be forwarded..
Internet Explorer or Mozilla Firefox compatible only
Subject: Your Photos

Message body:
I have attached your photos to the mail (Open with Internet Explorer)


Most Viewed