Troj/JSRedir-R is the most widespread infection on the Web
Written by IT News on 4:07 AM

Malware analysts at security vendor Sophos warn that the number of pages infected with the malicious Gumblar script has recently skyrocketed, putting it at the top of the list of online threats. The impact of the previous record setter, Mal/Iframe-F, is now dwarfed in comparison.
According to Sophos, Troj/JSRedir-R, also known as Gumblar after the malicious domain it points to, accounts for no less than 42% of all infections on the web today. Mal/Iframe-F occupies second place with six times fewer infections, accounting for only 7%.
"JSRedir-R is usually found on legitimate websites, hidden behind distorted JavaScript, loading malicious content from third-party sites without the user knowing. The garbled script attempts to download dangerous code from a place called gumblar.cn," Graham Cluley, Sophos' senior technology consultant, explains.
The obfuscation method Gumblar uses is relatively simple: it replaces characters with their hexadecimal values, e.g. "%20" instead of a space, and then swaps the % for a random character. The JavaScript code contains a replace function that restores the % in place of the random character.
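The substitution described above can be reversed statically, without ever running the script. The following is an added example, not code from Sophos or from the original article; the function names, the delimiter-inference heuristic and the sample string are constructed for illustration.

```javascript
// Added example: static decoder for hex encoding whose "%" was swapped for
// another character. Names and the sample string are constructed.

const HEX_PAIR = /^[0-9a-fA-F]{2}$/;

// Find the character standing in for "%": every occurrence must be
// followed by two hex digits, and it must occur at least minHits times.
function inferDelimiter(text, minHits = 4) {
  const stats = new Map(); // char -> { total, hexFollowed }
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (/[0-9a-fA-F\s]/.test(ch)) continue; // a hex digit would be ambiguous
    const s = stats.get(ch) || { total: 0, hexFollowed: 0 };
    s.total++;
    if (HEX_PAIR.test(text.slice(i + 1, i + 3))) s.hexFollowed++;
    stats.set(ch, s);
  }
  let best = null;
  for (const [ch, s] of stats) {
    if (s.total === s.hexFollowed && s.total >= minHits &&
        (best === null || s.total > stats.get(best).total)) {
      best = ch;
    }
  }
  return best; // null when nothing looks like a swapped "%"
}

// Decode without eval(): the result is returned as text for inspection only.
function decodeSwappedHex(text, delimiter = inferDelimiter(text)) {
  if (delimiter === null) return { delimiter: null, decoded: text };
  let decoded = "";
  for (let i = 0; i < text.length; i++) {
    const pair = text.slice(i + 1, i + 3);
    if (text[i] === delimiter && HEX_PAIR.test(pair)) {
      decoded += String.fromCharCode(parseInt(pair, 16));
      i += 2; // skip the two hex digits just consumed
    } else {
      decoded += text[i]; // literal character left unencoded
    }
  }
  return { delimiter, decoded };
}

// Constructed, benign sample: "var x=1;" partly hex-encoded, "!" replacing "%".
const sample = "v!61r!20x!3d!31!3b";
console.log(decodeSwappedHex(sample));
```

Because the decoder only builds a string, a suspicious block copied out of a page can be inspected in a plain Node.js session with no risk of it executing.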
There are many variations of this script in circulation, and they are usually placed just before the "body" tag in compromised HTML documents. They all query gumblar.cn, which has been blacklisted by Google, for further malicious scripts. "In contrast to the last iframe exploit, where malicious code was injected only into files with common filenames (e.g. index.html, index.php, etc.), this gumblar script is injected into each web page," the Unmask Parasites blog warns.
Since the script is found on websites running a variety of PHP applications, it cannot be tied to a particular vulnerability. Instead, the point of entry is compromised FTP credentials. Paul BACC, a virus researcher at Sophos, attributes the infections to the PHPMod-A Trojan. The payload is also said to change the permissions on different directories on the site and drop an image.php file in the "images" folder.
What is also interesting is that the infection uses different code for different file types. This means that the code inserted into .js files differs from the code inserted into .php files. This is of course necessary for the malicious code to be executed, but the fact that it targets more than just .html files makes the threat much more dangerous and more difficult to clean.
If you have reason to believe that your site is affected by this threat, ensure that your computer is clean of malware, change your FTP password, and re-upload the site from a clean backup.