Escort service infected with Troj/JSRedir-AR

Filed Under: SophosLabs

Clients of escorts and call girls are usually aware of the the risks presented from STIs. However, SophosLabs has been monitoring a different type of infection risk for clients of escorts in Indian cities.

The Troj/JSRedir-AR infection has morphed slightly:

If you look at the variable 'o[e]' (two-thirds of the way down) you will see the beginnings of an obfuscated string 'http://'. Previous versions of Troj/JSRedir-AK and Troj/JSRedir-AR have used non-alphanumeric characters to disguise the strings.

Web appliance customers browsing to these sites would have already been protected due to the adult nature of the escort sites in question.

,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s