Follow:

 

Trojan:JS/Redirector.M


Trojan:JS/Redirector.M is detection for specific JavaScript contained within Web pages. This JavaScript trojan may be injected into an HTML page via an SQL injection attack, or may be present on a malicious Web site, and may redirect users to Web sites other than expected. It is also possible for an attacker to craft HTML-based e-mail messages containing the script.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Threat behavior

Trojan:JS/Redirector.M is detection for specific JavaScript contained within Web pages. This JavaScript trojan may be injected into an HTML page via an SQL injection attack, or may be present on a malicious Web site, and may redirect users to Web sites other than expected. It is also possible for an attacker to craft HTML-based e-mail messages containing the script.
 
The destination Web page of the redirect may contain specially formed IFrame tags that point to remote Web sites containing other malicious content, for example malicious JavaScript containing an exploit for a specific vulnerability. 
Additional Information
Trojan:JS/Redirector.M was part of several SQL injection attacks over several months and involved a domain named 'yl18.net'.
 
Analysis by Cristian Craioveanu & Patrick Nolan

Symptoms

There are no common symptoms associated with this threat - links are activated within IFrames while viewing Web content on maliciously modified pages. Alert notifications from installed Antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.45.287.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: May 29, 2008
This entry was updated on: Apr 17, 2011

This threat is also detected as:
No known aliases