A crafty way of redirecting users from a web page is seen again in the distribution of fake alert malware. The redirection script is detected as Troj/JSRedir-C and the malware is being proactively detected as Mal/EncPk-CZ. Thankfully, the redirection scripts are detected by Antivirus 2009 as well as the malware being detected by the Mal/encPk/CZ. The redirects the victim to the evil site, from where they are 302 redirected from the page.”]
Source: https://nakedsecurity.sophos.com/2008/10/17/crafty-little-redirect/