
Trojan:JS/Tadtruss.A


Microsoft security software detects and removes this threat.

It is a JavaScript trojan that redirects your browser to a site other than the one you intended to visit. In the wild, this trojan was observed to redirect users to sites that distribute other malware.



What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

You can also visit the Microsoft virus and malware community for more help.

Threat behavior

Installation

This trojan can be installed on hacked web servers. The malicious JavaScript is commonly installed by a hacker using an attack method like SQL injection.

Payload

Redirects web browser traffic

If you visit a hacked website and your browser runs this script, your browser is redirected to another site, which could result in it downloading and running other malware or displaying unwanted content like pop-up ads. In the wild, this trojan was observed to redirect browsers to any of these websites:

Additional information

This malware may be installed together with other malware, like variants of the "Blackhole" exploit, on a hacked server.

Analysis by Ric Robielos


Symptoms

Alerts from your security software may be the only symptom.


Prevention


Alert level: Severe
First detected by definition: 1.113.1843.0
Latest detected by definition: 1.113.1843.0 and higher
First detected on: Oct 17, 2011
This entry was first published on: Oct 17, 2011
This entry was updated on: Jan 02, 2014

This threat is also detected as:
  • Trojan.JS.Redirector.bg (Kaspersky)
  • JS/Redir.FY (Norman)