
Trojan:JS/BlacoleRef.AK


First posted on 31 March 2012.
Source: Microsoft

Aliases:

There are no other names known for Trojan:JS/BlacoleRef.AK.

Explanation:

Trojan:JS/BlacoleRef.AK is a malicious JavaScript that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.


Trojan:JS/BlacoleRef.AK may be encountered when visiting a compromised webpage. It has also been observed as an HTML file attachment to spammed email messages. Some examples of email messages it has arrived with are:

Subject: Re: Your new contract
Body: As we arranged on friday in the office we've got the contract ready, plase study it carefully and let us know whether you accept all the issues.
We've attached the copy of the contract below.
With respect

Gonzalo Morrow
Secure Checksum: 728e69dccc037dc084923728e16b57dc084bf4b57d
Attachment: Contract-8238182.htm

Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet 0767184
Body: Attached document was scanned and sentto you using a Hewlett-Packard ScanJet 95975PP.SENT BY: FREIDA
PAGES : 1
FILETYPE: .HTML [Internet Explorer File]
Attachment: HP_Document-13-7480.htm

When run, the trojan executes obfuscated JavaScript that generates a hidden IFrame. The hidden IFrame attempts to redirect the browser to another website that has been compromised and hosts the Blackhole exploit kit. If exploitation is successful, malware may be downloaded.

In the wild, Trojan:JS/BlacoleRef.AK has been observed redirecting browsers to the domain "dhjikjsdhfkksjud.ru" or "dkijhsdkjfhsdf.ru".
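
The behaviour described above can be turned into a mail-gateway triage check for HTML attachments. The following is an added example, not Microsoft's detection logic: the two domains come from this entry, while the regular-expression heuristics, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Redirect domains named in this entry.
REDIRECT_DOMAINS = ("dhjikjsdhfkksjud.ru", "dkijhsdkjfhsdf.ru")
# Assumed heuristics, not Microsoft's signature: script primitives that build
# markup at run time, and iframe tags styled or sized to be invisible.
DYNAMIC_JS = re.compile(
    r"\b(eval|unescape|document\.write|String\.fromCharCode)\s*\("
    r"|createElement\(\s*['\"]iframe", re.I)
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(width|height)\s*=\s*['\"]?[01]\b)", re.I)
SCRIPT_BODY = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)

def triage_html(html: str) -> list[str]:
    """Return the reasons an HTML document deserves analyst review."""
    findings = []
    if any(domain in html.lower() for domain in REDIRECT_DOMAINS):
        findings.append("known-redirect-domain")
    if HIDDEN_IFRAME.search(html):
        findings.append("static-hidden-iframe")
    if any(DYNAMIC_JS.search(body) for body in SCRIPT_BODY.findall(html)):
        findings.append("dynamic-markup-script")
    return findings

def triage_message(raw: str) -> dict[str, list[str]]:
    """Map each .htm/.html attachment in a raw message to its findings."""
    results = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename() or ""
        if name.lower().endswith((".htm", ".html")) and not part.is_multipart():
            payload = part.get_payload(decode=True) or b""
            results[name] = triage_html(payload.decode("utf-8", "replace"))
    return results

def build_sample() -> str:
    """Constructed message; the attachment is inert test markup."""
    msg = EmailMessage()
    msg["Subject"] = "Re: Your new contract"
    msg.set_content("We've attached the copy of the contract below.")
    html = ('<html><body><script>document.write(unescape("%3Cp%3Etest'
            '%3C/p%3E"));</script></body></html>')
    msg.add_attachment(html.encode(), maintype="text", subtype="html",
                       filename="Contract-0000000.htm")
    return msg.as_string()

if __name__ == "__main__":
    print(triage_message(build_sample()))
```

Because the script is obfuscated, the domain strings may not appear literally in an attachment, so the domain check is most useful on decoded content, while the script heuristic flags the attachment itself for review.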

Additional information

For more information about the Blackhole exploit kit, please see the description for "Blacole" elsewhere in the encyclopedia.



Analysis by Chris Stubbs

Last update 31 March 2012
