
First posted on 15 February 2019.
Source: Microsoft

Aliases:

There are no other names known for Exploit:JS/Blacole.GB.

Explanation:

Your antivirus software may detect Blacole when you visit a compromised or malicious webpage. A compromised webpage is one in which an attacker has inserted malicious JavaScript code without the webpage owner's knowledge.

When you visit the webpage, the JavaScript code - detected as BlacoleRef - is run.

The Blacole family is designed to load a hidden IFrame that contacts a malicious page that is stored on a web server. This page determines information about your browser, such as what browser it is (for example, Internet Explorer or Firefox), what version it is, and what plugins or extensions you have installed.

The page then redirects the hidden IFrame to another page (or multiple pages) that specifically uses or exploits only those vulnerabilities that your browser is susceptible to. These vulnerabilities are then used to download malware onto your computer.

In this way, Blacole forms part of a larger process, all of which is designed to maximize the chance of infecting your computer with malware.

For more details, see the BlacoleRef and Blacole family descriptions.

Further reading

Get gamed and rue the day...

Last update 15 February 2019