Sucuri Research Labs

Sucuri on Twitter Sucuri on Facebook

Malware definitions (web based)Home  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

Conditional redirections

Conditional redirections are classified differently than the iframe/javascript ones, because they are generally done though the HTTP headers (via .htaccess) to redirect users from certain browsers or locations to malware/malicious locations.

Referrer or user agent redirections. Happens when a user coming from a search engine (like Google) or certain user agent (Googlebot or MSIE) gets redirected to a malicious domain.

Example of .htaccess code doing the redirection:

Anyone coming from a search engine, gets redirected to a russian site::