JSRedir-R is responsible for more than 40% of all drive-by malicious downloads / exploits. This script is found on lots of legitimate websites after they have been compromised (of course). JSRedir-R redirects you to a malicious download as soon as you access the infected webpage.
Your best defense against JSRedir-R is:
- Always installing your Windows updates (always reboot right after).
- A good antivirus with script-detecting abilities (Avira Free 9).
- Browsing the internet via a sandbox (Sandboxie…32bit only).
Here is some excellent reading on JSRedir-R and how it all gets started:
http://www.theregister.co.uk/2009/05/15/script_menace/
http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/


Is ESET NOD32 v.4 good enough?
Yes, ESET is very good for prevention. Chances are, if you have ESET configured and up to date, it will catch just about anything! Also, you should always download SUPERAntiSpyware; it's a free application that works awesome and also detects almost everything! For a free product you can't beat SAS = SUPERAntiSpyware. You can find the website at http://www.superantispyware.com
I hope I helped you and your questions.
This sounds like a threat that would be thwarted with Firefox with the no-script add on.
Some websites say Google Chrome will also protect you.
Won’t noscript protect you?
@Maor686
Yes, I agree with Ryan.
If you have further questions, ask on the forums. You’ll get a lot more responses.
Is GeSWall good enough defense?
Can you review Opera internet browser? It has antimalware!
@elliot GeSWall is awesome. You will not get infected if you have it installed on your computer and up to date; it isolates anything that installs on your computer.
Although you should run some kind of antivirus like Avira 9 Personal; it's great.
Mat said he tested GeSWall and Avira on almost 200 links and he had no infection, so GeSWall is awesome! http://www.avira.com
I have got Avira.
Can you do a prevention test for Dr.Web antivirus (not CureIt)?
Hey Mat, could you do a test on Sophos scanning and removal? I know you did the prevention.
Hey Matt (and everyone else)
Just found a new variant of a rogue (personal antivirus) at a client's house, which tries to look like AVG:
GUI – http://g.imagehost.org/0498/rogue.png
Balloon Tip Popup – http://g.imagehost.org/download/0425/Balloon-Popup
I used my bootable DrWeb/Kaspersky/McAfee/Spyware Doctor/Webroot CD to remove the infection.
Wow, that looks just like AVG. I've never seen anything like it! That would fool a user that didn't know what AVG looks like. That looks just like AVG!
Why don't rogue antivirus programs just be an exact copy of legitimate ones (even the name)? Then they could scam more people.
@elliot Because if they copy the antivirus's name it's copyrighting and AVG will prosecute the person that has made this rogue. You are more willing to get sued if you copyright programs. I'm not sure, that's my guess. Some people that have malware infections do not report them.