Threat Database Trojans Troj/JSRedir-EF

Troj/JSRedir-EF

By Sumo3000 in Trojans

The Troj/JSRedir-EF malicious script is a dangerous component in hacked websites that were detected in recent weeks (February and March of 2012). These indicate that computer criminals have managed to hack the OpenX advertisement in order to force legitimate websites to infect computer users with malware. The Troj/JSRedir-EF malicious script is usually the initial part of an attack that involves several components in order to compromise the victim's computer system. Typically, the Troj/JSRedir-EF malicious script will cause an additional, hidden, iframe element in the infected website to download a JavaScript Trojan instead of advertisement content.

The main thing to remember about the Troj/JSRedir-EF malicious script is the fact that Troj/JSRedir-EF will cause websites that are normally considered legitimate to become sources for malware infections. Because of this, ESG security analysts strongly recommend using a reliable anti-malware scanner to keep track of any potential dangers when browsing the web, and always heeding its advice, even if the website detected as potentially malicious is normally completely harmless. It could have become compromised with malware similar to the Troj/JSRedir-EF malicious script, so it is better staying away from these websites until their owners clean out their servers and remove all traces of any malicious scripts from their content.

How the Troj/JSRedir-EF Script Directs Computer Users to Malicious Content

Basically, OpenX uses the computer user's web browser to connect to a server designed to deliver advertisements. However, while this server will usually only contain advertisements relevant to the website's content, criminals have compromised several advertisement servers, replacing some advertisements with JavaScript Trojans. This means that a website infected with the Troj/JSRedir-EF malicious script will connect to these compromised advertisement servers and attempt to download malware disguised as a harmless advertisement.

The group delivering these malicious supposed advertisements is going by the handle 'BlackAdvertsPro'. However, the Troj/JSRedir-EF malicious script can direct the victim to other malicious websites, including an attack website designed to try a large number of different security exploits for known vulnerabilities in order to try to infect the victim's computer with a malware infection. ESG security analysts strongly advise website owners to keep track of any third-party content on their websites. While their website is not directly responsible for these malware attacks, it is part of the responsibility of anyone running a website to ensure that their advertisement content is malware-free.

Trending

Most Viewed

Loading...