The Latest in IT Security hit by BlackHole


On the morning of May 12th our malware outbreak sensors registered another BlackHole outbreak hitting one of the Top 200 Alexa rank domains: its RSS-feed-generated resource was infected with the BlackHole exploit kit. The XML output file at the URL was prepended with obfuscated JavaScript. The malicious code looks like this:

The decrypted code creates a hidden IFRAME tag with a malicious reference in it:

At the time the infection was discovered we registered a couple of malware-serving domains, hosted in the Russian Federation, in China and in South Korea.

The malicious JavaScript is detected by the latest version of AVG as a variant of the Script/Exploit.Kit Trojan family. If recognized by AVG LinkScanner, it is reported as a BlackHole Type exploit.
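For site operators who want to check their own feed output for the tampering described above, the following Python example flags anything prepended before a feed's XML start and any hidden IFRAME found in that prefix. It is an added example, not code from the original article or from AVG; the function names, the sample feeds and the `malicious.example` URL are constructed for illustration.

```python
import codecs
import re
from html.parser import HTMLParser

# Where a well-formed feed may begin: the XML declaration or a feed root element.
FEED_START = re.compile(rb"<\?xml\b|<(?:rss|feed|rdf:RDF)\b", re.I)

def prepended_content(body: bytes) -> bytes:
    """Return whatever precedes the feed's XML start (b"" when the feed is clean)."""
    if body.startswith(codecs.BOM_UTF8):      # a UTF-8 BOM is legitimate
        body = body[len(codecs.BOM_UTF8):]
    m = FEED_START.search(body)
    prefix = body if m is None else body[:m.start()]
    return prefix.strip()

class HiddenIframes(HTMLParser):
    """Collect the src of iframes sized 0/1 px or hidden through inline style."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: v or "" for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tiny or "visibility:hidden" in style or "display:none" in style:
            self.sources.append(a.get("src", ""))

def inspect_feed(body: bytes) -> dict:
    """Report the injected prefix, whether it holds a script, and hidden iframes in it."""
    prefix = prepended_content(body)
    finder = HiddenIframes()
    finder.feed(prefix.decode("utf-8", "replace"))
    return {"prefix": prefix,
            "script": re.search(rb"<script\b", prefix, re.I) is not None,
            "hidden_iframes": finder.sources}

# Constructed samples (not taken from the incident).
CLEAN = codecs.BOM_UTF8 + b'<?xml version="1.0"?><rss version="2.0"><channel/></rss>'
TAMPERED = b'<script>/* placeholder for obfuscated code */</script>\n' + CLEAN[3:]
DECODED = (b'<iframe src="http://malicious.example/" width="1" height="1" '
           b'style="visibility: hidden"></iframe>' + CLEAN[3:])

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("tampered", TAMPERED), ("decoded", DECODED)):
        print(name, inspect_feed(sample))
```

A non-empty `prefix` on a feed URL is worth an alert on its own, since a legitimate feed has nothing before its XML declaration or root element.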

While writing this article, our sensors reported another alert on a domain. Their advertisement delivery is infected by the same BlackHole malware. The number of blocked intrusions from this domain reported by our clients is around 496.000 hits and the number is still increasing. The VirusTotal detection ratio of this malware is rather low: 7/42.

Jiri Kropac
