JS_BLACOLEREF.PY
October 09, 2012
ALIASES: Trojan:JS/BlacoleRef.W (Microsoft), JS/Iframe.EZ trojan (NOD32), Troj/JSAgent-CK (Sophos), JS/Iframe.W!tr (Fortinet)
PLATFORM: Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It may also be hosted on a website and run when a user visits that website.
It inserts an IFRAME tag that redirects users to certain URLs.
TECHNICAL DETAILS
File Size: 3,969 bytes
File Type: HTML, HTM
Initial Samples Received Date: 20 Jul 2012
Arrival Details
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
It may also be hosted on a website and run when a user visits that website.
Other Details
This Trojan inserts an IFRAME tag that redirects users to the following URLs:
- http://{BLOCKED}narhist.ru/forum/showthread.php?page=5fa58bce769e5c2c