Home / malware Trojan:JS/BlacoleRef.T
First posted on 31 January 2012.
Source: MicrosoftAliases :
There are no other names known for Trojan:JS/BlacoleRef.T.
Explanation :
Trojan:JS/BlacoleRef.T is a malicious JavaScript that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.
Top
Trojan:JS/BlacoleRef.T is a malicious JavaScript that is used by an exploit kit known as "Blackhole". If the script is run within a vulnerable computer environment, it could lead to the download and execution of arbitrary files.
Trojan:JS/BlacoleRef.T may be encountered when visiting a compromised webpage. When run, the trojan runs obfuscated JavaScript which generates a hidden IFrame. The hidden IFrame attempts to redirect the browser to another website that has been compromised and hosts the Blackhole exploit kit. If exploitation is successful, malware may be downloaded.
In the wild, Trojan:JS/BlacoleRef.T has been observed redirecting browsers to the domain "paseroper.in" or "wiltonblake.osa.pl" using a server-side script to deliver other malware, as in the following example:
Additional information
- paseroper.in/in.cgi?default
- wiltonblake.osa.pl/showthread.php?t=55152269
For more information about the Blackhole exploit kit, please see the description for "Blacole" elsewhere in the encyclopedia.
Analysis by Lena Lin
Last update 31 January 2012
