Signature Detail

HTTP: Spam URL Variable Equals Redirect Attempt

This signature detects attempts to use a JavaScript to redirect a user to a potentially malicious website. This technique is common with malware emails sent as fake bank spam which induces a recipient to click on the link thinking they have a problem with their account, only to be redirected to a look-alike website using this JavaScript redirection. The destination server hosting the JavaScript is compromised and should be investigated.

References

• URL: http://websiteanalystsresource.wordpress.com/2013/01/16/if-var1-equals-var2-then-redirect/