Troj/JSRedir-R is a malicious script likely to have been injected into a defaced web page to load remote malicious content when the page is viewed. Analysis of many defaced sites has shown that many examples of Troj/JSRedir-R are buggy and do not work.
Websites affected by Troj/JSRedir-R may also see detections of Troj/PHPMod-A.
Working copies of Troj/JSRedir-R will redirect users to a Chinese domain (hosted in Russia) and then, via a series of PDF and SWF exploits, attempt to install malware detected as Troj/Daonol-Fam.
For more information on this threat, see the SophosLabs Blog.