This application requires Javascript for optimal performance.

JS/PackRedir.B!tr.dldr - Released Sep 24, 2009 - Last Updated Sep 28, 2009

Alias/es

Trojan-Downloader.JS.Gumblar.a (Kaspersky), JS/Gumbler.A (Panda)

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • Redirects the browser to malicious websites.
  • Malicious files may be downloaded.


Detailed Analysis



This detection is for an obfuscated script that is injected to compromise websites via cross-site scripting. The malicious URL is encoded in the script.

When internet users visit infected websites, the injected script redirects the web browser to the malicious website that is hosting other malicious downloabable components such as PDF and SWF files. These files contain exploits which eventually download a malicious Win32 executable.

The behavior of this trojan is very similar to JS/Redir.MR!tr.

Recommended Action

    FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    FortiClient Systems

  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Reference: ID - 1042786