Troj/JSRedir-R

Posted: June 3, 2009

Troj/JSRedir-R (also known as Gumblar) is malicious software that steals FTP credentials from a victim's computer, allowing remote users to access a webmaster's website and import malicious scripts. Troj/JSRedir-R infects PHP, HTML and JS website files. Affected users are known to be redirected to malicious websites through Google search engine result pages that list infected websites. Troj/JSRedir-R is also able to install a backdoor that connects to an IP address of a known botnet, further increasing the chances of the infected system being compromised by a remote source.

Troj/JSRedir-R differs from previous malicious exploits in the way that it spreads. It is able to spread through users who browse legitimate websites that were injected with a script using a compromised webmaster's FTP credentials. Troj/JSRedir-R's code is dynamically generated, making it very difficult to manually detect and remove.
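
Because the injected script is dynamically generated, comparing website files against a known-good baseline is more dependable than searching for a fixed string. The following is an added example, not code from the original page: a minimal integrity check over the three file types named above. The function names and the sample webroot are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions the page names as infection targets.
WEB_EXTENSIONS = {".php", ".html", ".js"}

def snapshot(webroot):
    """Map each web file's path (relative to webroot) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(full, webroot)] = digest
    return digests

def compare(baseline, current):
    """Return sorted lists of modified, added and removed files."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}

def demo():
    """Build a constructed webroot, take a baseline, change files, compare."""
    with tempfile.TemporaryDirectory() as root:
        files = {"index.html": "<html><body>Hi</body></html>",
                 "app.js": "console.log('ok');",
                 "contact.php": "<?php echo 'contact'; ?>",
                 "logo.txt": "not a web script"}
        for name, body in files.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        baseline = snapshot(root)
        # Constructed stand-in for an unauthorised upload over FTP.
        with open(os.path.join(root, "index.html"), "a") as fh:
            fh.write("<script>/* unexpected appended script */</script>")
        with open(os.path.join(root, "extra.js"), "w") as fh:
            fh.write("/* file not present at baseline */")
        with open(os.path.join(root, "logo.txt"), "a") as fh:
            fh.write("ignored")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the site's FTP account cannot write, so that stolen credentials cannot be used to update it alongside the files.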

Troj/JSRedir-R can be compared to the Conficker Worm infection because of the way it is able to spread. Troj/JSRedir-R uses FTP credentials that it steals to compromise a vast number of websites, which in turn could expose several other victims over a period of time. If you browse to an infected website, then your system may become infected. Computer users who are infected with Troj/JSRedir-R and have FTP credentials stored on their system are in danger of having their information stolen.
