Thursday, August 30, 2012

New Blackhole HTML Infector found

I came up with this sample today from MDL. I analyzed it and wrote a report in VT at the URL below:

My comment:
It is new injected infection code, kinda long, but Malzilla and jsunpack break them after 3 loops in tries. It was uploaded on 2012 Aug 30th 11:30 to the infected server. Very new. No wonder VT has a Detection Ratio of (2/42).

It redirected you to the infected payload using the Java exploit.

The payload detection ratio is 11/42 and can be viewed here:

You can grab the sample directly from the infection source, still up/alive.

Or contact me for more details.