This application requires Javascript for optimal performance.

JS/PackRedir.A!tr.dldr - Released May 19, 2009 - Last Updated May 21, 2009

Alias/es

JS/Redir.MR!tr

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • Redirect to malicious websites.
  • Malicious files may be downloaded.

    • Detailed Analysis

    This detection is for an obfuscated script that is injected to compromise websites via cross-site scripting. The malicious URL is encoded in the script.

  • When internet users visit infected websites, the injected script redirects the web browser to the malicious website that is hosting other malicious downloabable components such as PDF and SWF files. These files contain exploits which eventually downloads a malicious Win32 executable.

  • The behavior of this trojan is very similar to JS/Redir.MR!tr.

    • Recommended Action

      FortiGate Systems

    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

      FortiClient Systems

    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Reference: ID - 854614