On Friday, while researching the blog on Troj/JSRedir-AK, I noticed a website infected with Troj/JSRedir-AK and a new piece of malware (Troj/JSRedir-AR).
Like Troj/JSRedir-AK, Troj/JSRedir-AR has two distinct forms:
- one injected into HTML files as a malicious <SCRIPT> tag
- the other appended to JavaScript files
The Gumblar team appears to have replaced the Troj/JSRedir-AK infections with Troj/JSRedir-AR. Over the weekend Troj/JSRedir-AR accounted for ~20% of infections, compared with ~8% for Troj/JSRedir-AK (NB: JS/Sinowal-Gen was at ~2%).

[From 2010-01-22 08:00:00 to 2010-01-26 10:00:00 PST (GMT-8)]
Interestingly, the Unmask Parasites blog also noticed this change.
It looks like this month my colleagues and I will be playing cat and mouse with the Gumblar team.


















