
How You’re Probably Getting Infected: JSRedir-R

by malwarekilla on May 15, 2009

JSRedir-R is responsible for more than 40% of all drive-by malicious downloads / exploits. This script is found on lots of legitimate websites after they have been compromised (of course). JSRedir-R redirects you to a malicious download as soon as you access the infected webpage.

Your best defense against JSRedir-R is:

  • Always installing your Windows updates (always reboot right after).
  • A good antivirus with script-detecting abilities (Avira Free 9).
  • Browsing the internet via a sandbox (Sandboxie…32bit only).

Here is some excellent reading on JSRedir-R and how it all gets started:

http://www.theregister.co.uk/2009/05/15/script_menace/

http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/


15 comments

Maor686 May 15, 2009 at 8:40 pm

Is ESET NOD32 v.4 good enough?

ryan May 16, 2009 at 1:42 am

Yes, ESET is very good for prevention. Chances are if you have ESET configured and up to date it will catch just about anything! Also, you should always download SUPERAntiSpyware; it's a free application that works awesome and also detects almost everything! For a free product you can't beat SAS (SUPERAntiSpyware). You can find the website at http://www.superantispyware.com :) I hope I helped you and your questions.

jjbula May 16, 2009 at 2:35 am

This sounds like a threat that would be thwarted with Firefox with the no-script add on.

Some websites say Google Chrome will also protect you.

Nashua May 16, 2009 at 3:11 am

Won’t noscript protect you?

Ping May 16, 2009 at 3:40 am

@Maor686
Yes, I agree with Ryan.

If you have further questions, ask on the forums. You’ll get a lot more responses.

elliotcroft May 16, 2009 at 8:15 am

Is GeSWall Good enough defense?

elliotcroft May 16, 2009 at 3:31 pm

Can you review the Opera internet browser? It has antimalware!

ryan May 16, 2009 at 3:45 pm

@elliot GeSWall is awesome. You will not get infected if you have it installed on your computer and up to date; it isolates anything that installs on your computer.

Although you should run some kind of antivirus like Avira 9 Personal; it's great.

Mat said he tested GeSWall and Avira on almost 200 links and he had no infection, so GeSWall is awesome! http://www.avira.com

elliotcroft May 16, 2009 at 3:54 pm

I have got avira.

elliotcroft May 16, 2009 at 5:19 pm

Can you do a prevention test for Dr.Web antivirus (not CureIt)?

ryan May 16, 2009 at 7:39 pm

Hey Mat, could you do a test on Sophos scanning and removal? I know you did the prevention.

Jimmy James May 18, 2009 at 3:26 pm

Hey Matt (and everyone else)
Just found a new variant of a rogue (personal antivirus) at a client's house, which tries to look like AVG:

GUI –
http://g.imagehost.org/0498/rogue.png

Balloon Tip Popup – http://g.imagehost.org/download/0425/Balloon-Popup

I used my bootable DrWeb/Kaspersky/McAfee/Spyware Doctor/Webroot CD to remove the infection.

ryan May 19, 2009 at 5:27 pm

Wow, that looks just like AVG. I've never seen anything like it! That would fool a user that didn't know what AVG looks like. That looks just like AVG!

elliotcroft May 19, 2009 at 7:42 pm

Why don’t rogue antivirus programs just be an exact copy of legitimate ones (even the name)? Then they could scam more people.

ryan May 19, 2009 at 8:15 pm

@elliot Because if they copy the antivirus's name it's copyrighting, and AVG will prosecute the person that has made this rogue. You are more willing to get sued if you copyright programs. I'm not sure, that's my guess. Some people that have malware infections do not report them.
