Home / malware Trojan:JS/BlacoleRef.V
First posted on 21 March 2012.
Source: MicrosoftAliases :
Trojan:JS/BlacoleRef.V is also known as Trojan-Downloader.JS.Iframe.crr (Kaspersky), JS/Obfuscator.V (Norman), JS/Obfuscated.ZX (Avira), Trojan.Downloader.JS.QH (BitDefender), Trojan.JS.Blacole (Ikarus), JS/Exploit-Blacole.l (McAfee).
Explanation :
Trojan:JS/BlacoleRef.V is a malicious JavaScript that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.
For more information about the Blackhole exploit kit, please see the description for "Blacole" elsewhere in the encyclopedia.
Top
Trojan:JS/BlacoleRef.V is a malicious JavaScript that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.
Trojan:JS/BlacoleRef.V may be encountered when visiting a compromised webpage. When run, the trojan runs obfuscated JavaScript which generates a hidden IFrame. The hidden IFrame attempts to redirect the browser to another website that has been compromised and hosts the Blackhole exploit kit. If exploitation is successful, malware may be downloaded.
In the wild, Trojan:JS/BlacoleRef.V has been observed redirecting browsers to the domain "paseroper.in" or "wiltonblake.osa.pl" using a server-side script to deliver other malware, as in the following example:
Additional information
- newstaticup.com/cache/<removed>at.php
- relhadores.osa.pl/showthread.php?<removed>5152269
For more information about the Blackhole exploit kit, please see the description for "Blacole" elsewhere in the encyclopedia.
Analysis by Alden Pornasdoro
Last update 21 March 2012