
Troj/JSRedir-EF

Posted: March 29, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 98
First Seen: March 29, 2012
OS(es) Affected: Windows

Troj/JSRedir-EF is a malicious IFrame element that's used to force your web browser to load hostile sites, usually for the purpose of automatically installing PC threats through browser-based vulnerabilities. Since Troj/JSRedir-EF attacks have been observed to piggyback off of third-party advertisements by OpenX, SpywareRemove.com malware experts recommend that you be wary about enabling OpenX advertisements indiscriminately, since doing so may lead to a Troj/JSRedir-EF-assisted infection in short order. Since Troj/JSRedir-EF requires the availability of JavaScript to complete its attack, disabling JavaScript for sites that use OpenX advertisements can be considered an effective way of protecting your PC. If your computer has been exposed to a Troj/JSRedir-EF attack that hasn't been blocked, you should use suitable anti-malware software to analyze and remove any Troj/JSRedir-EF-delivered PC threats. The end consequences of a Troj/JSRedir-EF attack can vary since Troj/JSRedir-EF can be used to redirect victims to multiple types of harmful websites.

Troj/JSRedir-EF – a First Step on the Way to a Dangerous Landing Page

Troj/JSRedir-EF is never a single threat by itself, but rather is used to conduct attacks against your PC along with other malicious IFrame elements and HTML pages. Typical exposure to Troj/JSRedir-EF involves the display of a third-party advertisement that's hosted from OpenX servers. Troj/JSRedir-EF will fail to load if you have JavaScript disabled, and anti-malware applications can also block Troj/JSRedir-EF if they're able to detect ongoing attacks. Once Troj/JSRedir-EF has loaded, Troj/JSRedir-EF will load a second IFrame element by the BlackAdvertsPro group that, in turn, loads an exploit site. The structure of this attack is indicative of BlackAdvertsPro most likely selling access to Troj/JSRedir-EF redirects to promote a range of harmful sites, particularly since a second attack on the same computer (as determined by identifying your IP address) will cause you to be redirected to a harmless site instead of the original one.

The exploit site in question may be detected as Mal/ExpJS-AF. Once Troj/JSRedir-EF has finished its work, it's up to the website to complete the attack, which usually consists of installing malicious software without your consent. Since this can take place without visible evidence of it occurring, SpywareRemove.com malware analysts note the usefulness of having security software to detect and prevent Troj/JSRedir-EF-related download attacks from infecting your computer. Using tough browser security settings should also be considered a critical preventative measure.
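The redirect described in this section depends on an IFrame the visitor never sees, loaded from a host unrelated to the advertisement. As an added example (not code from SpywareRemove.com or any anti-malware vendor, and not a signature for Troj/JSRedir-EF), the Python below flags such frames in ad markup; the function name, the heuristics and the sample hosts are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Finds iframe start tags in plain HTML and inside unobfuscated script strings.
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)
# Inline styles that keep a frame out of sight (heuristic list, assumed here).
# The lookbehind stops "border-width:0" or "margin-left:-100px" from matching.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?<![\w-])(?:left|top)\s*:\s*-\d{3,}", re.I)

class AttrGrabber(HTMLParser):
    """Parses a single start tag and keeps its attributes."""
    def __init__(self):
        super().__init__()
        self.attrs = {}
    def handle_starttag(self, tag, attrs):
        self.attrs = {k: (v or "") for k, v in attrs}

def audit_ad_markup(markup, allowed_hosts):
    """Return (host, reasons) for hidden iframes loading from outside allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for tag in IFRAME_TAG.findall(markup):
        grabber = AttrGrabber()
        grabber.feed(tag)
        grabber.close()
        a = grabber.attrs
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        if {a.get("width", "").strip(), a.get("height", "").strip()} & {"0", "1"}:
            reasons.append("tiny-frame")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if host and host not in allowed and reasons:
            findings.append((host, reasons))
    return findings

# Constructed sample: one normal banner frame and one script-written hidden frame.
SAMPLE = """
<iframe src="http://ads.publisher.example/frame.html" width="468" height="60" style="border-width:0"></iframe>
<script>document.write('<iframe src="http://redirector.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>');</script>
"""

if __name__ == "__main__":
    for host, reasons in audit_ad_markup(SAMPLE, {"ads.publisher.example"}):
        print(host, ",".join(reasons))
```

Scripts that assemble the tag at run time through obfuscation will not match this static check; catching those requires rendering the ad in an instrumented browser.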

How to Get Your PC Back from a Troj/JSRedir-EF-Induced Trip to Hostile Territory

Since Troj/JSRedir-EF redirects can be exploited to attack your PC in any fashion that can be hosted on an unsavory website, it's recommended that you respond to Troj/JSRedir-EF attacks with the assumption that your PC may be infected. Accordingly, a complete scan of your PC, preferably done from the secure confines of Safe Mode, will allow you to detect and remove any PC threats that a Troj/JSRedir-EF-affiliated site may have installed. Some issues that may occur as a result of Troj/JSRedir-EF attacks can include:

  • Exposure to fake warning messages and other forms of fraudulent security information that are often used to promote scamware.
  • Exposure to phishing sites that use false pretenses to steal personal information. Common targets of phishing attacks include account passwords and e-mail addresses.
  • The presence of such PC threats as backdoor Trojans, worms, rogue anti-virus programs or other malicious programs that are installed without your consent.

Along with its other limitations, SpywareRemove.com malware analysts have found that Troj/JSRedir-EF is only able to attack Windows computers, although its attack isn't browser-specific (as long as your web browser supports JavaScript).
