Thursday, August 30, 2012

New Blackhole HTML Infector found

I came across this sample today from MDL. I analyzed it and wrote a report in VT at the URL below: https://www.virustotal.com/file/bb95e70c6ea8aaf8134bf9c9645aef715e4b4806004afbcfa9cd572b44939d82/analysis/1346296410/

My comment:
It is newly injected infection code, kind of long, but Malzilla and jsunpack break it after 3 loops in tries. It was uploaded at 2012 Aug 30th 11:30 to the infected server. Very new. No wonder VT has a detection ratio of 2/42.

It redirects you to the infected payload using the Java exploit.

The payload detection ratio is 11/42 and can be viewed here:
https://www.virustotal.com/file/e580a63bc80e42a5a731754a1e7aaf489a396c8bf7d76f999e0af8ac39f40206/analysis/

You can grab the sample directly from the infection source, still up/alive.

Or contact me for more details.

#MalwareMustDie!