JS_BLACOLE.CI
JS/Agent.NGT trojan (Eset)
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan may be hosted on a website and run when a user accesses the said website.
This is the Trend Micro detection for Web pages that were compromised through the insertion of a certain IFRAME tag. Once a user visits an affected Web page, this HTML script launches a hidden IFRAME that connects to a malicious URL. It inserts an IFRAME tag that redirects users to certain URLs.
TECHNICAL DETAILS
Varies
HTML, HTM
15 Sep 2012
Arrival Details
This Trojan may be hosted on a website and run when a user accesses the said website.
Other Details
This is the Trend Micro detection for Web pages that were compromised through the insertion of a certain IFRAME tag.
Once a user visits an affected Web page, this HTML script launches a hidden IFRAME that connects to a malicious URL.
It inserts an IFRAME tag that redirects users to the following URLs:
- http://{pseudorandom string}/in.cgi?14