A recently detected a new script as JS/HiddenLink – but is it a false positive?
Unfortunately not, this is part of a BlackHole Exploit Kit (BHEK). The script is injected and hidden by BHEK into the affected system.
JS/HiddenLink is a new family we’ve created for injections such as these. In the past, similar scripts were identified as JS/Redir.
The purpose of this script is to hide the link which follows after dnnViewSate function. Please note that the function name varies.
Luckily, the script in question is not running due to a bug in the code.
AVG Viruslab Research Team
Leave a reply