
Trojan:JS/BlacoleRef.C


First posted on 13 October 2011.
Source: SecurityHome

Aliases:

Trojan:JS/BlacoleRef.C is also known as IFrame.gen (Command), HTML/IFrame.sef (Avira), HTML/Iframe.B.Gen (ESET), Trojan.JS.Agent.bvy (Kaspersky), Mal/Iframe-W (Sophos).

Explanation:

Trojan:JS/BlacoleRef.C is a malicious JavaScript that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.

Trojan:JS/BlacoleRef.C may be encountered when visiting a compromised web page. When run, Trojan:JS/BlacoleRef.C executes obfuscated JavaScript which generates a hidden IFrame. The hidden IFrame will attempt to redirect the browser to another website that has been compromised to host the Blackhole exploit kit. If exploitation is successful, malware may be downloaded. In the wild, Trojan:JS/BlacoleRef.C was observed to redirect browsers to domains such as the following:

  • tr5yh654wfrefg.cz.cc
  • qxhjyavy.cz.cc
  • maseoi1l4f.c0m.li
  • yrpdgiti.cz.cc


Analysis by Horea Coroiu

Last update 13 October 2011
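
The behaviour described above (script-generated hidden IFrame pointing at another site) can be checked for on a rendered-DOM dump of a suspect page. The following is an added example, not part of the original entry or the analyst's tooling: the hiding heuristics, the `scan_dom_snapshot` name and the sample markup are assumptions, and only the domain list comes from this entry.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Redirect domains listed in this entry.
LISTED_DOMAINS = {"tr5yh654wfrefg.cz.cc", "qxhjyavy.cz.cc",
                  "maseoi1l4f.c0m.li", "yrpdgiti.cz.cc"}
# Assumed hiding heuristics: the entry does not say how the IFrame is hidden.
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?<![-\w])(?:left|top)\s*:\s*-\d{3,}", re.I)
TINY = re.compile(r"\s*[01]\s*(?:px)?\s*", re.I)

class IframeFinder(HTMLParser):
    """Collects IFrames that are hidden and off-site, or that hit a listed domain."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlsplit(a.get("src", "")).hostname or "").lower()
        hidden = ("hidden" in a
                  or any(TINY.fullmatch(a.get(k, "")) for k in ("width", "height"))
                  or bool(HIDING_CSS.search(a.get("style", ""))))
        listed = any(host == d or host.endswith("." + d) for d in LISTED_DOMAINS)
        external = bool(host) and host != self.page_host
        if listed or (hidden and external):
            self.findings.append({"host": host, "hidden": hidden, "listed": listed})

def scan_dom_snapshot(html, page_host):
    """Return findings for a rendered-DOM HTML dump of a page served from page_host."""
    finder = IframeFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: a DOM dump as it might look after the page's scripts ran.
SAMPLE = """<html><body>
<iframe src="https://video.example.net/embed/1" width="560" height="315"></iframe>
<iframe src="http://qxhjyavy.cz.cc/placeholder" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="http://cdn.example.org/x" style="position:absolute;left:-9999px"></iframe>
<iframe src="/local/widget" style="display:none"></iframe>
</body></html>"""
```

Because the IFrame is generated at run time by obfuscated script, the input must be the DOM after script execution, not the raw page source. `scan_dom_snapshot(SAMPLE, "blog.example.com")` reports the listed-domain frame and the off-screen third-party frame, and ignores the visible embed and the same-site hidden widget.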

 
