JS_BLACOLE.XPL

 Analysis by: Roland Marco Dela Paz

 ALIASES:

JS/Exploit-Blacole.q (Mcafee)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This malware is a JavaScript component of the Blackhole Exploit kit. It is responsible for searching vulnerable software on the user's machine in order to deploy specific exploits and ultimately, download a malicious file.

  TECHNICAL DETAILS

File Size:

18,923 bytes

File Type:

JS

Initial Samples Received Date:

16 Mar 2012

Arrival Details

This Trojan may be downloaded from the following remote sites:

  • http://{BLOCKED}do.com/wp-content/uploads/wpbdm/thumbnails/mijob.php

Other Details

This Trojan connects to the following possibly malicious URL:

  • http://{BLOCKED}olly.ru/job13journal.php
  • http://{BLOCKED}ms.com/l/content/Qai.jar
  • http://{BLOCKED}ms.com/l/r.php?f={parameter}&e={parameter}

NOTES:
This malware is a JavaScript component of the Blackhole Exploit kit. It is responsible for searching vulnerable software on the user's machine in order to deploy specific exploits and ultimately, download a malicious file.