Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:JS/Redirector.SB
Date discovered:19/12/2012
Type:HTML
In the wild:No
Reported Infections:Medium
Distribution Potential:Low
Damage Potential:Low
Static file:No
VDF version:7.11.54.86 - 19 Aralık 2012 Çarşamba
IVDF version:7.11.54.86 - 19 Aralık 2012 Çarşamba

 General Method of propagation:
   • Email


Aliases:
   •  Bitdefender: JS:Trojan.Script.AAR
   •  Norman: JS/Blackhole.GAK

Similar detection:
   •  EXP/Pidief.zar
   •  TR/Obisty.A


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7
   • Linux
   • Unix
   • OS/2
   • Mac


Side effects:
   • Redirects to an infected website

 Email It doesn't have its own spreading routine but it was spammed out via email. The characteristics are described in the following:


From:
The sender address is spoofed.
The sender of the email is one of the following:
   • LinkedIn Connections <connections@linkedin.com>
   • LinkedIn Password <password@linkedin.com>


Body:
– Contains HTML code.
The body of the email is the following:

   • LinkedIn
     
     %replacement 1% has indicated you are a Friend
     
     I'd like to add you to my professional network on LinkedIn.
     
     - %replacement 1%
     
     Accept View invitation from %replacement 1%
     
     
     WHY MIGHT CONNECTING WITH %replacement 1% BE A GOOD IDEA?
     
     %replacement 1%'s connections could be useful to you
     
     After accepting %replacement 1%'s invitation, check%replacement 1%'s connections to see who else you may know and who you might want an introduction to. Building these connections can create opportunities in the future.
     
      2012, LinkedIn Corporation



The email looks like the following:


 Miscellaneous Accesses internet resources:
   • http://apensiona.ru:8080/**********/links/column.php
      (EXP/Pidief.zar)

 File details Programming language:
 • JavaScript

Description inserted by Andrei Gherman on Wednesday, December 19, 2012
Description updated by Andrei Gherman on Wednesday, December 19, 2012

Back . . . .