
Troj/Redir-P

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 4
First Seen: July 27, 2012
Last Seen: April 21, 2023
OS(es) Affected: Windows

Troj/Redir-P is one of many variants of malicious scripts designed to force victims to visit a hacked Russian website that attacks the visitor's computer with the BlackHole Exploit Kit. Since May 2012, these scripts have been a common component of a wave of spam email messages that has affected computers all over the world. Because this kind of threat is so prevalent, ESG malware analysts recommend never opening or viewing unsolicited email attachments, even if the message appears to come from a trusted source (sender email addresses are easily spoofed). You should also keep your anti-spam filter and anti-malware software fully updated so that they can detect and block the kinds of redirects that Troj/Redir-P and similar Trojans cause on infected computers.

Although only a few years ago using the BlackHole Exploit Kit required advanced computer knowledge and very deep pockets (hackers would pay thousands of dollars for access to this hacking tool), the kit's 2011 public release resulted in a dramatic increase in the number of attack websites using it. In addition to the Troj/Redir-P Trojan, ESG security researchers have also observed other Trojans, such as Troj/Redir-O and Troj/PDFEx-GD, associated with these attack websites. Troj/Redir-P in particular arrives in an email message written in German which claims to contain important photographs in an attached file. However, the attachment is actually Troj/Redir-P itself.

How Criminals Infect Your Computer with the Troj/Redir-P Trojan

Email messages associated with Troj/Redir-P are sent to addresses in the '.de' top-level domain, Germany's country code. Like a French scam detected in early July 2012, Troj/Redir-P's malicious email claims that its attachment contains important photos. Curious computer users, wanting to see them, may open the attached file, which redirects their browser to a hacked Russian website that uses a BlackHole Exploit Kit attack to infect the victim's computer with malware. ESG malware analysts have observed that the email messages carrying Troj/Redir-P use forged sender addresses to make them look legitimate; samples detected in the wild used addresses corresponding to LinkedIn or Habbo Hotel. The attached file is named DCIM.htm. Note that the attachment is not a photo at all but an HTML file: the message encourages victims to open it with Internet Explorer, since that web browser is the most susceptible to BlackHole Exploit Kit attacks.
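The triage logic a mail filter needs for this lure is small: find any HTML attachment, look for the constructs a redirector page uses to bounce the browser (a meta refresh, a JavaScript location assignment, an iframe), pull out the URLs it points at, and note whether the visible From: domain disagrees with the envelope Return-Path domain. The script below is an added example, not code from this threat entry or from ESG; the sample message it builds, the .example and .invalid domains, the landing URL and the regexes are all constructed here and are not indicators taken from the original page.

```python
"""Triage an .eml for an HTML "redirector" attachment of the Troj/Redir-P type.

Added example for this threat entry: the sample message, the domains used
(.example/.invalid) and the redirect heuristics are constructed here and are
not indicators from the original page.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructs a redirector HTML file uses to bounce the browser to an
# exploit-kit landing page. Generic heuristics, not signatures for Troj/Redir-P.
REDIRECT_PATTERNS = {
    "meta_refresh": re.compile(r'<meta[^>]+http-equiv\s*=\s*["\']?refresh', re.I),
    "js_location": re.compile(
        r'(?:window|document|top|self)\.location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\(',
        re.I),
    "iframe": re.compile(r'<iframe[^>]+src\s*=', re.I),
}
URL_RE = re.compile(r'https?://[^\s"\'<>]+', re.I)


def html_attachments(msg):
    """Yield (filename, decoded text) for each HTML attachment of a parsed message."""
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith((".htm", ".html")) or part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            yield name, raw.decode(part.get_content_charset() or "utf-8", errors="replace")


def analyze_attachment(name, text):
    """Flag redirect constructs and collect the URLs the attachment points at."""
    hits = [label for label, rx in REDIRECT_PATTERNS.items() if rx.search(text)]
    return {
        "filename": name,
        "redirect_indicators": hits,
        "urls": sorted(set(URL_RE.findall(text))),
        "suspicious": bool(hits),
    }


def sender_domain_mismatch(msg):
    """Coarse forgery heuristic: the From: domain differs from the Return-Path domain."""
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    rp_addr = parseaddr(str(msg.get("Return-Path", "")))[1]
    if not from_addr or not rp_addr:
        return False  # nothing to compare; not evidence either way
    return from_addr.rpartition("@")[2].lower() != rp_addr.rpartition("@")[2].lower()


def scan_eml(raw_bytes):
    """Parse an RFC 5322 message and return a triage report as a dict."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    attachments = [analyze_attachment(n, t) for n, t in html_attachments(msg)]
    return {
        "subject": str(msg.get("Subject", "")),
        "sender_domain_mismatch": sender_domain_mismatch(msg),
        "attachments": attachments,
        "suspicious": any(a["suspicious"] for a in attachments),
    }


def build_sample_eml():
    """Constructed lure in the style described above: a forged 'LinkedIn' sender,
    a German one-liner and a DCIM.htm that is really a meta-refresh redirect.
    The landing URL is a placeholder, not a real indicator."""
    msg = EmailMessage()
    msg["From"] = "LinkedIn <no-reply@linkedin.example>"
    msg["Return-Path"] = "<bounce@spam-relay.invalid>"
    msg["To"] = "opfer@example.de"
    msg["Subject"] = "Deine Fotos"
    msg.set_content("Hi,\ndeine Fotos findest du im Anhang (Internet Explorer format)\n\nMfG,\nMax\n")
    redirector = (b'<html><head><meta http-equiv="refresh" '
                  b'content="0;url=http://landing.invalid/index.php"></head>'
                  b'<body></body></html>')
    msg.add_attachment(redirector, maintype="text", subtype="html", filename="DCIM.htm")
    return msg.as_bytes()


if __name__ == "__main__":
    import json
    print(json.dumps(scan_eml(build_sample_eml()), indent=2))
```

Running the script prints a report whose only attachment, DCIM.htm, carries a meta_refresh indicator and one extracted URL, and whose sender check fires because linkedin.example and spam-relay.invalid differ. Treat the From/Return-Path comparison as a hint rather than a verdict: mailing lists and forwarding services legitimately produce the same mismatch, so the attachment indicators should drive the decision and the URLs should be fed to whatever blocklist or sandbox you already run.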

File System Details

Troj/Redir-P may create the following file(s):
#   File Name   Detections
1.  DCIM.htm

Messages

The following messages associated with Troj/Redir-P were found:

Message body (German):
Hi,
deine Fotos findest du im Anhang (Internet Explorer format)

MfG,
[NAME]

English translation: "Hi, you will find your photos in the attachment (Internet Explorer format). Regards, [NAME]"
