JS/Exploit-Blacole
Posted: December 11, 2012
| Field | Value |
|---|---|
| Threat Level | 9/10 |
| Infected PCs | 8 |
| First Seen | December 11, 2012 |
| OS(es) Affected | Windows |
JS/Exploit-Blacole is a heuristic detection of the Blackhole Exploit Kit, a package of web browser-based attacks that can be configured to use various exploits to install malicious software onto your computer. JS/Exploit-Blacole attacks may not display any obvious symptoms and can succeed automatically if your PC has vulnerable software – which can include anything from Adobe-brand products to Flash, as well as default Windows programs. Payloads from JS/Exploit-Blacole that SpywareRemove.com malware researchers have observed include high-level threats such as banking Trojans, as well as rogue anti-malware scanners. If your security software did not block a possible exposure to JS/Exploit-Blacole, assume that your computer is infected until you can confirm otherwise through anti-malware scans. Naturally, malicious software that's installed by JS/Exploit-Blacole should be deleted by dedicated anti-malware tools that can detect and remove high-level threats in their entirety.
JS/Exploit-Blacole: the Browser Content that Bites Back
JS/Exploit-Blacole is hosted on both malicious and compromised websites as a general download-enabler for malicious software. Because JS/Exploit-Blacole is JavaScript-based, browsers that have their JavaScript feature disabled (and computers that don't have JavaScript installed in the first place) aren't vulnerable to JS/Exploit-Blacole-based attacks. However, since JavaScript is a popular web design feature that's often enabled by default, SpywareRemove.com malware experts recommend that you have additional protection against JS/Exploit-Blacole – such as anti-malware products with web-browsing safety features.
If JS/Exploit-Blacole is launched successfully, it will attempt to detect a vulnerability that it can use to install malicious software onto your PC. JS/Exploit-Blacole and other variants of the Blackhole Exploit Kit are in active development, and the vulnerabilities that they may utilize can vary significantly, including both patched ones and zero-day vulnerabilities. SpywareRemove.com malware researchers generally encourage you to keep all of your software updated in order to reduce the number of vulnerabilities that can be abused by JS/Exploit-Blacole, although patches alone aren't a perfect defense against JS/Exploit-Blacole attacks.
Why You Should Be Careful Not to Get in Range of JS/Exploit-Blacole's Orbit
JS/Exploit-Blacole is designed to install malicious software both non-consensually and, in most cases, secretively. Some JS/Exploit-Blacole-associated payloads that SpywareRemove.com malware researchers have analyzed include – but, it should be emphasized, aren't limited to – the following:
- Rogue anti-malware programs, such as members of FakeRean like Win 7 Internet Security Pro 2013, XP Antivirus Plus 2013, Vista Antivirus Plus 2013, Win 7 Antivirus Plus 2013, Total Vista Security, Win 7 Total Security Pro 2013, XP Security Pro 2013 and XP Home Security 2012. These scamware programs display fake alerts and fake system scans to make you purchase the registered (and equally useless) versions of their software.
- Banking Trojans like the well-known Zeus, which uses sophisticated man-in-the-browser style attacks to monitor your access to banking sites and steal passwords, etc. Banking Trojans rarely display any obvious symptoms of their presence but are capable of stealing extremely private information, with an emphasis on data that would allow criminals to hijack financial accounts.
Although JS/Exploit-Blacole is a browser-based PC threat that doesn't install itself on your computer, JS/Exploit-Blacole does install other malware onto your PC that should be removed as expediently as possible. If your anti-malware software detects Zeus or other spyware-themed malware from a JS/Exploit-Blacole attack, SpywareRemove.com malware experts also suggest that you change any potentially compromised passwords.
Technical Details
File System Modifications
The following files were created in the system:

| File name | Size | MD5 | Detection count | File type | Mime Type | Group | Last Updated |
|---|---|---|---|---|---|---|---|
| 8498db0a8a4b0caa7a672eb7db30241d | 111.82 KB (111827 bytes) | 8498db0a8a4b0caa7a672eb7db30241d | 93 | | | Malware file | March 6, 2013 |
| decb06ef05dd2a1c49aeeb9aa1a1386e | 39.25 KB (39258 bytes) | decb06ef05dd2a1c49aeeb9aa1a1386e | 92 | | | Malware file | March 6, 2013 |
| e43ff874dad12b697e179cf144ffa443 | 115.28 KB (115283 bytes) | e43ff874dad12b697e179cf144ffa443 | 91 | | | Malware file | March 6, 2013 |
| A47490633507A026DD00161B46BA2D71.bin | 785 B (785 bytes) | a47490633507a026dd00161b46ba2d71 | 90 | Binary File | unknown/bin | Malware file | March 6, 2013 |
| d612020ff2790577344efef457e35665 | 786 B (786 bytes) | d612020ff2790577344efef457e35665 | 89 | | | Malware file | March 6, 2013 |
| g43kb6j34kblq6jh34kb6j3kl4.jar | | | | | unknown/jar | Malware file | |