Escort service infected with Troj/JSRedir-AR

Filed Under: SophosLabs

Clients of escorts and call girls are usually aware of the the risks presented from STIs. However, SophosLabs has been monitoring a different type of infection risk for clients of escorts in Indian cities.

The Troj/JSRedir-AR infection has morphed slightly:

If you look at the variable 'o[e]' (two-thirds of the way down) you will see the beginnings of an obfuscated string 'http://'. Previous versions of Troj/JSRedir-AK and Troj/JSRedir-AR have used non-alphanumeric characters to disguise the strings.

Web appliance customers browsing to these sites would have already been protected due to the adult nature of the escort sites in question.


You might like

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s