Troj/JSRedir-EX

While some malware attacks can usually be avoided by simply not opening email attachments contained in unsolicited email messages, other attacks have the capacity to infect a computer system without any need for the computer user to physically open the infected email attachment. One of the malicious email attachments responsible for this rash of attacks is detected as Troj/JSRedir-EX. This attack is designed to infect the victim's computer as soon as the spam message containing the Troj/JSRedir-EX attachment is opened. To do this, Troj/JSRedir-EX exploits vulnerabilities in e-mail clients, in particular the two with the largest share of the market Microsoft's Outlook Express and Mozilla's Thunderbird. By disabling the need for having to open the infected email attachment, so the attack can take place, criminals have managed to infect several computer users which would normally not fall for these kinds of attacks.

Spam Traps Associated with Troj/JSRedir-EX

Attacks that do not require the user to open the email attachment were common a decade ago, when web-based email services were still a small percentage of email accounts. When most email accounts were managed from the user's computer rather than from the web browser, there were several worms that could do what Troj/JSRedir-EX does now. Now criminals have found a way to take advantage of this same vulnerability in Outlook Express and Thunderbird. A common spam trap associated with Troj/JSRedir-EX poses as a notice of account suspension from a well-known bank.

Surprisingly, the attack does not work at all times in Outlook Express; however, it seems that Thunderbird is particularly vulnerable to this attack. This is because Thunderbird renders the attachment automatically. However, this can be easily bypassed with Thunderbird's own security settings. If you use Outlook Express of Thunderbird regularly and the thought of becoming infected through the Troj/JSRedir-EX malicious email attachment scares you, you can prevent this attack by turning off inline attachments in your email settings and ensuring that your spam filter does not let through messages containing the Troj/JSRedir-EX attachment in the first place. The default installation of Thunderbird has rendering of inline attachments turned on, so you can simply go to settings and turn this option off in order to prevent the Troj/JSRedir-EX from being executed automatically.