
Troj/JSRedir-HT

By LoneStar in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 2
First Seen: June 27, 2012
Last Seen: August 11, 2021
OS(es) Affected: Windows

Following the June 2012 reports of the Windows XML Core zero-day vulnerability, ESG security analysts have begun to find attacks that take advantage of it. One of the most recent, detected as Troj/JSRedir-HT by some security software, targeted the jobs website of a major hotel chain. Attacks using this exploit have also been observed on a European medical website, on an aeronautical parts supplier's web page, and in various suspected state-sponsored attacks. A compromised website infects its visitors with malware. This is particularly dangerous because the websites serving up the malware are normally trustworthy ones. Through carelessness on the part of a website's administrator, combined with the work of hackers, such websites can infect unsuspecting computer users who would otherwise never have encountered these kinds of malware threats.

Troj/JSRedir-HT is a malicious script that was injected into this website. It consists of a single line of code in the website's homepage that loads a malicious JavaScript file named icon.js, which is obfuscated with a sophisticated packer. icon.js in turn loads a file named media_view.html in an iframe, which loads the malicious script deployJava.js, a file that has been seen in identical attacks. That script also loads the Geoffrey.swf file which, by exploiting a vulnerability in Adobe Flash, loads the map.exe file, allowing the criminals to infect the victim's computer with malware.

How to Avoid Becoming a Victim of the Troj/JSRedir-HT Attack

A patch for the Windows XML Core vulnerability that enabled these attacks has not yet been released. However, Microsoft has released a Quick Fix for this problem that all computer users should download in order to be protected until Microsoft ships a permanent fix in its next security update. It is also important to keep your anti-malware scanner fully up to date, especially since this attack is fairly recent (June 2012). While Troj/JSRedir-HT may have been present earlier, it was not made public by Google and Microsoft until May 30, 2012. A good precaution is to disable JavaScript and enable it only when you specifically need it. Website owners and administrators should also take extra care to ensure that their websites are protected from hackers and from the insertion of malicious scripts.
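For website administrators, the practical defence against the injection described above (a single added line in the homepage that pulls in icon.js, which then chains through media_view.html, deployJava.js, Geoffrey.swf and map.exe) is to compare the live page against a known-good copy and inspect whatever was added. The following is an added example, not code from the original article or from any vendor: it diffs the current homepage against a baseline, extracts remote loaders (script, iframe, embed, object) and inline scripts from the injected lines, matches loader URLs against the filenames named on this page, and applies a generic packer heuristic (eval/unescape/String.fromCharCode). The sample baseline and compromised page, and the host example.invalid, are constructed for the demonstration; the obfuscation regex is a general heuristic, not a signature for this specific threat.

```python
import difflib
import re
from html.parser import HTMLParser

# Filenames taken from the page's description of the infection chain
# (icon.js -> media_view.html -> deployJava.js -> Geoffrey.swf -> map.exe).
CHAIN_INDICATORS = ("icon.js", "media_view.html", "deployjava.js", "geoffrey.swf", "map.exe")

# Tags and the attribute through which each can pull remote content into a page.
LOADER_ATTRS = {"script": "src", "iframe": "src", "frame": "src", "embed": "src", "object": "data"}

# Generic heuristic for packed/obfuscated inline JavaScript (assumption: common to
# many packers; it is not a signature for Troj/JSRedir-HT specifically).
OBFUSCATION_RE = re.compile(r"eval\s*\(|unescape\s*\(|String\.fromCharCode", re.I)


class LoaderExtractor(HTMLParser):
    """Collects remote resource references and inline script bodies from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.loaders = []          # list of (tag, url)
        self.inline_scripts = []   # raw bodies of <script> elements without src
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attr = LOADER_ATTRS.get(tag)
        if attr:
            for name, value in attrs:
                if name == attr and value:
                    self.loaders.append((tag, value))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline_scripts.append(data.strip())


def injected_lines(baseline_html, current_html):
    """Return lines present in the live page but absent from the known-good baseline."""
    diff = difflib.unified_diff(baseline_html.splitlines(), current_html.splitlines(),
                                lineterm="", n=0)
    return [line[1:] for line in diff if line.startswith("+") and not line.startswith("+++")]


def analyze_fragment(html_fragment):
    """Classify an HTML fragment: remote loaders, chain-indicator hits, obfuscation hits."""
    parser = LoaderExtractor()
    parser.feed(html_fragment)
    parser.close()
    findings = []
    for tag, url in parser.loaders:
        lowered = url.lower()
        hit = next((ind for ind in CHAIN_INDICATORS if lowered.endswith(ind)), None)
        findings.append({"kind": "loader", "tag": tag, "url": url, "indicator": hit})
    for body in parser.inline_scripts:
        if OBFUSCATION_RE.search(body):
            findings.append({"kind": "obfuscated_inline_script", "snippet": body[:60]})
    return findings


def audit_page(baseline_html, current_html):
    """Find injected lines, then flag those that load remote or obfuscated code."""
    report = []
    for line in injected_lines(baseline_html, current_html):
        findings = analyze_fragment(line)
        report.append({"line": line, "findings": findings, "suspicious": bool(findings)})
    return report


# Constructed sample: a known-good jobs page and a copy with one injected line
# that loads a file with the first-stage name given on the page.
BASELINE = """<html><head><title>Careers</title>
<script src="/static/site.js"></script>
</head><body><h1>Open positions</h1></body></html>"""

COMPROMISED = BASELINE.replace(
    "</head>",
    '<script type="text/javascript" src="http://example.invalid/icon.js"></script>\n</head>',
)

if __name__ == "__main__":
    for entry in audit_page(BASELINE, COMPROMISED):
        status = "SUSPICIOUS" if entry["suspicious"] else "info"
        print(f"[{status}] {entry['line']}")
        for finding in entry["findings"]:
            print("   ", finding)
```

The baseline should be a copy stored off the web server (or a hash of it kept in the deployment system), otherwise an attacker who can edit the homepage can edit the baseline too. Any injected line that loads a remote script or iframe deserves review even when it matches none of the listed filenames; the indicator list only prioritises, it does not define what is suspicious.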
