New Blackhole HTML Infector found

30 Aug 2012 I came up with this sample today from MDL, I analyzed it and wrote report in VT with the below URL: https://www.virustotal.com/file/bb95e70c6ea8aaf8134bf9c9645aef715e4b4806004afbcfa9cd572b44939d82/analysis/1346296410/

My comment:
It is a new infection injected code, kinda long, but malzilla and jsunpack break them after 3loop in tries. It was uploaded by 2012 Aug30th 11:30 in the infected server. Very new. No wonder VT has the Detection Ratio of (2/42)

It redirected you to the infected payload using the Java exploit

The payload detection ratio is 11/42 and can be viewed here:
https://www.virustotal.com/file/e580a63bc80e42a5a731754a1e7aaf489a396c8bf7d76f999e0af8ac39f40206/analysis/

You can grab the sample directly from the infection source, still up/alive.

Or contact me for more details.

#MalwareMustDie!

New Blackhole HTML Infector found

Recent Posts

MMD-0062-2017 - Credential harvesting by SSH Direct TCP Forward attack via IoT botnet 27 Feb 2017

MMD-0061-2016 - EnergyMech 2.8 overkill mod 28 Nov 2016

Linux Malware Research List Updated 22 Nov 2016