Trojan.JS.Redirector.za
Posted: May 20, 2013
Threat Metric
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 445 |
| First Seen: | May 20, 2013 |
| Last Seen: | July 2, 2023 |
| OS(es) Affected: | Windows |
Trojan.JS.Redirector.za is a web-hosted browser hijacker that is inserted into compromised (hacked) websites for the purpose of redirecting visitors to malicious sites. Although the technique abused by Trojan.JS.Redirector.za, known as a Proxy Auto-Config attack, can be used for many purposes, Trojan.JS.Redirector.za specifically appears to be used for stealing currency and credentials from the accounts of Bitcoin users. SpywareRemove.com malware experts particularly warn members of Mtgox.com to be cautious about potential Trojan.JS.Redirector.za attacks, which are known to target members of that community specifically and redirect them to a fake Brazilian mirror of that site. Trojan.JS.Redirector.za doesn't need to be removed from your computer, but its PAC changes should be deleted by appropriate security software and solutions immediately.
Trojan.JS.Redirector.za: the Bitcoin Redirect You May Not Suspect
Trojan.JS.Redirector.za uses one of the favorite tricks of Brazilian cyber-thieves: the Proxy Auto-Config or PAC attack, which enables your browser to redirect from any specified URL to a different website. The most popular implementation of this attack is to redirect PC users from major Brazilian bank sites to phishing sites that steal bank credentials, but Trojan.JS.Redirector.za has expanded that victimized territory to the realm of Bitcoins (a digital currency). After being inserted into various innocent – but perhaps less secure than would be advisable – websites, Trojan.JS.Redirector.za attempts to launch automatically through your browser. Once launched, Trojan.JS.Redirector.za changes your PAC settings to redirect you from Mtgox.com, a major Bitcoin market site, to a fake mirror. The mirror's URL is almost identical, except for using a Brazilian domain suffix (.br).
Entering any information into this fake Mtgox site will allow criminals to gain access to that info, which is exploited for the purpose of hijacking your Bitcoin wallet and stealing the currency that's stored within it. However, SpywareRemove.com malware researchers must warn that Trojan.JS.Redirector.za and similar PC threats also can be used, with very minor changes, to redirect you from other websites and towards different kinds of malicious sites.
Because Trojan.JS.Redirector.za's PAC attack is URL-specific, your ability to browse any unrelated sites shouldn't be impeded. However, Trojan.JS.Redirector.za's attack affects baseline settings that function in all types of browsers (no matter what their settings might be).
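A PAC file is a JavaScript script that defines `FindProxyForURL(url, host)`, so a URL-specific change like the one described above can be audited by evaluating the configured PAC text against a watch list of sensitive hosts and flagging any that are not sent `DIRECT`. The following is an added example, not code from the original article or from SpyHunter. The sample PAC text, the `.example` host names and the `192.0.2.10` proxy address are constructed placeholders, and `auditPac` and `pacHelpers` are hypothetical names.

```javascript
// Constructed sample PAC text (not the real update.pac): one watched host is
// sent through a proxy, every other host goes direct.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.exchange.example") || host == "exchange.example")
    return "PROXY 192.0.2.10:8080";
  return "DIRECT";
}`;

// Minimal stand-ins for the standard PAC helper functions a PAC script may call.
const pacHelpers = {
  isPlainHostName: (host) => !host.includes("."),
  dnsDomainIs: (host, domain) => host.endsWith(domain),
  shExpMatch: (str, pattern) => {
    // Escape regex metacharacters, then translate shell wildcards * and ?.
    const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                      .replace(/\*/g, ".*").replace(/\?/g, ".");
    return new RegExp("^" + re + "$").test(str);
  },
};

// Evaluate the PAC text for each watched host and return the hosts whose
// traffic is not sent DIRECT. new Function runs the script with this
// process's privileges, so audit untrusted PAC files only in a throwaway VM.
function auditPac(pacText, watchedHosts) {
  const names = Object.keys(pacHelpers);
  const factory = new Function(...names, pacText + "\nreturn FindProxyForURL;");
  const findProxy = factory(...names.map((n) => pacHelpers[n]));
  const findings = [];
  for (const host of watchedHosts) {
    const route = String(findProxy("https://" + host + "/", host)).trim();
    if (route.toUpperCase() !== "DIRECT") findings.push({ host, route });
  }
  return findings;
}

// Watch list of hosts whose routing should never depend on a PAC rule.
const watched = ["www.exchange.example", "exchange.example", "news.example"];
for (const f of auditPac(SAMPLE_PAC, watched)) {
  console.log("PAC reroutes " + f.host + " via " + f.route);
}
```

Any finding for a banking or exchange host is a reason to inspect where the browser's automatic configuration URL points and to reset it.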
Steering Your Browser Away from Trojan.JS.Redirector.za's Exit Route to Poverty
As might be surmised from its name, Trojan.JS.Redirector.za uses JavaScript to launch and attack your PC, and browsers with JavaScript disabled by default are notably less endangered by such browser-redirecting attacks than unprotected browsers. However, because Trojans like Trojan.JS.Redirector.za often are enabled by exploit kits that can search through multiple types of appropriate vulnerabilities, SpywareRemove.com malware experts also recommend that you keep your browser protected by anti-malware products with the ability to block website-based PC threats.
Trojan.JS.Redirector.za doesn't install itself onto your computer, but the PAC changes Trojan.JS.Redirector.za creates do need to be removed. Of course, SpywareRemove.com malware researchers also note that a great deal of the onus belongs to website administrators to maintain the security of their sites and remove Trojan.JS.Redirector.za from their website code as soon as possible.
Technical Details
File System Modifications
The following files were created in the system:
File name: update.pac
Mime Type: unknown/pac
Group: Malware file