Home / malware Trojan:JS/BlacoleRef.Q
First posted on 25 January 2012.
Source: MicrosoftAliases :
Trojan:JS/BlacoleRef.Q is also known as JS/IFrame.HC.gen (Command), Trojan.JS.Agent.EYK (BitDefender), Trojan.JS.BlacoleRef (Ikarus).
Explanation :
Trojan:JS/BlacoleRef.Q is a malicious JavaScript trojan that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.
Top
Trojan:JS/BlacoleRef.Q is a malicious JavaScript trojan that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.
Trojan:JS/BlacoleRef.Q may be encountered when visiting a compromised webpage. When run, the trojan runs obfuscated JavaScript which generates a hidden IFrame. The hidden IFrame attempts to redirect the browser to another website that has been compromised and hosts the Blackhole exploit kit. If exploitation is successful, malware may be downloaded.
In the wild, Trojan:JS/BlacoleRef.Q has been observed redirecting browsers to the domain "force<removed>stat.com" using a server-side script to deliver other malware, as in the following example:
force<removed>stat.com/stat.php
Additional information
For more information about the Blackhole exploit kit, see the description for "Blacole" elsewhere in the encyclopedia.
Analysis by Lena Lin
Last update 25 January 2012