JS_BLACOLEREF.PY


 ALIASES:

Trojan:JS/BlacoleRef.W (Microsoft), JS/Iframe.EZ trojan (NOD32), Troj/JSAgent-CK (Sophos), JS/Iframe.W!tr (Fortinet)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It may be hosted on a website and run when a user accesses the said website.

It inserts an IFRAME tag that redirects users to certain URLs.

  TECHNICAL DETAILS

File Size:

3,969 bytes

File Type:

HTML, HTM

Initial Samples Received Date:

20 Jul 2012

Arrival Details

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.

It may be hosted on a website and run when a user accesses the said website.

Other Details

This Trojan inserts an IFRAME tag that redirects users to the following URLs:

  • http://{BLOCKED}narhist.ru/forum/showthread.php?page=5fa58bce769e5c2c