JS_BLACOLE.MF
February 19, 2013
ALIASES:
JS/Exploit-Blacole.gg !! (McAfee), Exploit.JS.Blacole (Ikarus), JS/Redir.JP (exact) (Fprot), JS/Kryptik.ABA trojan (Nod32)
PLATFORM:
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan may be hosted on a website and run when a user accesses the said website. However, as of this writing, the said sites are inaccessible.
Once a compromised site is visited, the user is redirected to a certain malicious site.
TECHNICAL DETAILS
File Size: 1,227 bytes
Initial Samples Received Date: 06 Nov 2012
Arrival Details
This Trojan may be hosted on a website and run when a user accesses the said website.
However, as of this writing, the said sites are inaccessible.
Other Details
Once a compromised site is visited, the user is redirected to the following malicious site:
- http://{BLOCKED}biza.ru:8080/forum/links/column.php