How You’re Probably Getting Infected: JSRedir-R

JSRedir-R is responsible for more than 40% of all drive-by malicious downloads and exploits. The script is found on lots of legitimate websites after they have been compromised (of course). JSRedir-R redirects you to a malicious download as soon as you load the infected web page.

Your best defense against JSRedir-R is:

  • Always installing your Windows updates (always reboot right after).
  • A good antivirus with script detecting abilities (Avira Free 9).
  • Browsing the internet via a sandbox (Sandboxie; 32-bit only).
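The defenses above protect the visitor. The site owner's side of the problem is spotting the injected redirect script on their own pages. The following is an added example (not part of the original post, and not a JSRedir-R signature) that parses an HTML page and flags inline scripts combining a `location` assignment with obfuscation (`eval`, `unescape`, long percent-encoded strings), plus hidden iframes. The regexes and the sample page are constructed assumptions for illustration; the `example.invalid` URL is a placeholder.

```python
import re
from html.parser import HTMLParser

# Heuristics below are assumptions for illustration, not the JSRedir-R signature.
REDIRECT_RE = re.compile(r"\blocation(\.href)?\s*=|location\.replace\(", re.I)
OBFUSCATION_RE = re.compile(r"\b(eval|unescape|String\.fromCharCode)\s*\(", re.I)
ENCODED_RUN_RE = re.compile(r"(%[0-9a-fA-F]{2}){6,}")  # e.g. %77%69%6e... runs


class _ScriptCollector(HTMLParser):
    """Collect inline/external <script> elements and <iframe> attributes."""

    def __init__(self):
        super().__init__()
        self.scripts = []   # list of (src or None, inline body)
        self.iframes = []   # list of attribute dicts
        self._in_script = False
        self._buf = []
        self._src = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
            self._buf = []
            self._src = attrs.get("src")
        elif tag == "iframe":
            self.iframes.append(attrs)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append((self._src, "".join(self._buf)))
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # HTMLParser delivers script bodies as data
            self._buf.append(data)


def audit_html(html: str) -> list:
    """Return findings for inline scripts that redirect *and* obfuscate, and for hidden iframes."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for index, (src, body) in enumerate(parser.scripts):
        if src:
            continue  # external scripts would need fetching; only inline bodies are scored here
        reasons = []
        if REDIRECT_RE.search(body):
            reasons.append("assigns location")
        if OBFUSCATION_RE.search(body):
            reasons.append("eval/unescape/fromCharCode")
        if ENCODED_RUN_RE.search(body):
            reasons.append("long encoded string")
        # A plain redirect is ordinary; redirect plus obfuscation is the combination worth a look.
        if "assigns location" in reasons and len(reasons) >= 2:
            findings.append({"kind": "script", "index": index,
                             "reasons": reasons, "snippet": body[:80]})
    for attrs in parser.iframes:
        style = (attrs.get("style") or "").replace(" ", "").lower()
        if (attrs.get("width") == "0" or attrs.get("height") == "0"
                or "display:none" in style or "visibility:hidden" in style):
            findings.append({"kind": "iframe", "src": attrs.get("src"),
                             "reasons": ["hidden iframe"]})
    return findings


# Constructed sample page: one benign inline script, one obfuscated redirect, one hidden iframe.
SAMPLE_PAGE = """<html><head><title>Example shop</title>
<script>function track(){ console.log('pageview'); }</script>
</head><body>
<p>Welcome.</p>
<script>var s=unescape('%77%69%6e%64%6f%77');eval(s+'.location="http://example.invalid/landing"');</script>
<iframe src="http://example.invalid/frame" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE):
        print(finding)
```

Run it against a saved copy of each page on the site (for example after a `wget -r` mirror); anything it flags deserves a manual read. The heuristics will also trip on some legitimate analytics or A/B-testing snippets, so treat a hit as a lead rather than a verdict, and compare the flagged file against a known-clean copy from version control or backup.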

Here is some excellent reading on JSRedir-R and how it all gets started:

http://www.theregister.co.uk/2009/05/15/script_menace/

http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/


  • Maor686

    Is ESET NOD32 v.4 good enough?

  • ryan

    Yes, ESET is very good for prevention. Chances are, if you have ESET configured and up to date, it will catch just about anything! Also, you should always download SuperAntiSpyware; it's a free application that works awesome and also detects almost everything! For a free product you can't beat SAS (SuperAntiSpyware). You can find the web site at http://www.superantispyware.com :) I hope I helped you and your questions.

  • jjbula

    This sounds like a threat that would be thwarted with Firefox with the no-script add on.

    Some websites say Google Chrome will also protect you.

  • Nashua

    Won't noscript protect you?

  • Ping

    @Maor686

    Yes, I agree with Ryan.

    If you have further questions, ask on the forums. You'll get a lot more responses.

  • elliotcroft

    Is GeSWall Good enough defense?

  • elliotcroft

    Can you review opera internet browser, it has antimalware!

  • ryan

    @elliot GeSWall is awesome. You will not get infected if you have it installed on your computer and up to date; it isolates anything that installs on your computer.

    Although you should run some kind of antivirus like Avira 9 Personal, it's great.

    Mat said he tested GeSWall and Avira on almost 200 links and he had no infection, so GeSWall is awesome! http://www.avira.com

  • elliotcroft

    I have got avira.

  • elliotcroft

    Can you do a prevention test for dr web antivirus (not cureit)

  • ryan

    Hey Mat, could you do a test on Sophos scanning and removal? I know you did the prevention.

  • Jimmy James

    Hey Matt (and everyone else)
    Just found a new variant of a rogue (Personal Antivirus) at a client's house, which tries to look like AVG:

    GUI –
    http://g.imagehost.org/0498/rogue.png

    Balloon Tip Popup – http://g.imagehost.org/download/0425/Balloon-Popup

    I used my bootable DrWeb/Kaspersky/McAfee/Spyware Doctor/Webroot CD to remove the infection.

  • ryan

    Wow, that looks just like AVG. I've never seen anything like it! That would fool a user that didn't know what AVG looks like; that looks just like AVG!

  • elliotcroft

    Why don't rogue antivirus programs just be an exact copy of legitimate ones (even the name)? Then they could scam more people.

  • ryan

    @elliot Because if they copy the antivirus's name it's copyright infringement, and AVG will prosecute the person that has made this rogue. You are more likely to get sued if you copy copyrighted programs. I'm not sure, that's my guess. Some people that have a malware infection do not report them.