JS_BLACOLE.JDKK
October 09, 2012
ALIASES:
Trojan:JS/BlacoleRef.BO (Microsoft), Trojan-Downloader.JS.Iframe.cyt (Kaspersky), JS/Exploit-Blacole.eu (McAfee)
PLATFORM:
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan may be hosted on a website and run when a user visits that site.
It inserts an IFRAME tag that redirects users to certain URLs.
TECHNICAL DETAILS
File Size: Varies
File Type: JS
Initial Samples Received Date: 07 Aug 2012
Arrival Details
This Trojan may be hosted on a website and run when a user visits that site.
Other Details
This Trojan inserts an IFRAME tag that redirects users to the following URLs:
- http://{pseudorandom string}.ru/{BLOCKED}orestrun?sid=cx