Mal/ExpJS-BH


Mal/ExpJS-BH refers to Web pages that have been injected with malicious JavaScript associated with what is presently starting to be recognized as the Glazunov Exploit Kit. Like the Redkit Exploit Kit, this is one of the many newer exploit kits that are attempting to dethrone what remains, without question, the main exploit kit on the market, the Black Hole Exploit Kit. These exploit kits are often associated with JavaScript Trojans that are specifically designed to force computer users onto the malicious Web page containing the exploit kit. Mal/ExpJS-BH is one of these types of malware attacks.

Essentially, criminals create attack websites that contain an exploit kit to attack visitors' computers. These exploit kits are designed to take advantage of a large number of known vulnerabilities in the visitor's computer in order to infect it with malware. However, the key to these attacks is actually forcing computer users to visit the websites containing the exploit kit. That is where Mal/ExpJS-BH and other JavaScript Trojans come in.

Typically, criminals compromise a legitimate website so that it redirects computer users to an attack website containing the exploit kit. Legitimate websites can be compromised in a variety of ways, but this typically occurs because the affected website contains outdated software or is using weak passwords. Basically, a malicious iFrame is injected into the compromised website which, taking advantage of vulnerabilities in JavaScript, loads automatically in the background and forces the victim's Web browser to open the attack website containing the exploit kit.

How the Mal/ExpJS-BH JavaScript Trojan Goes One Step Beyond Other Similar Attacks

Mal/ExpJS-BH has caught the attention of PC security researchers because its redirect goes one step further in ensuring that victims are exposed to malicious content. The compromised website is not merely injected with a redirect Trojan. Rather, the entire website is compromised in some way. The Mal/ExpJS-BH attack involves one JavaScript component that loads a remote PluginDetect or DeployJava library and another that forces the target to load a JAR file located on a remote server. This JAR file is, of course, malicious and exposes the victim to an exploit kit and to other malicious content. Presently, Mal/ExpJS-BH is being used mostly to distribute Police Ransomware Trojans.
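
For site owners checking their own pages for the kind of injection described above, here is an added example (not part of the original write-up and not any vendor's detection logic) that scans HTML for off-site iFrames, off-site JAR loads and off-site PluginDetect or DeployJava scripts. The host names, the sample page and the finding labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Library names the write-up says the injected script loads (lower-cased).
FINGERPRINT_LIBS = ("plugindetect", "deployjava")
# Tag -> attributes that can pull in remote content.
URL_ATTRS = {"script": ("src",), "iframe": ("src",), "embed": ("src",),
             "applet": ("archive", "codebase"), "object": ("data", "archive")}
# Constructed sample page; every host below is a placeholder.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="http://cdn.remote.example/lib/PluginDetect.js"></script>
<iframe src="http://landing.remote.example/in.php" width="1" height="1"></iframe>
<applet code="a.class" archive="http://files.remote.example/x.jar"></applet>
<script src="https://static.shop.test/deployJava.js"></script>
</body></html>"""

class RemoteLoadScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def _offsite(self, url):
        host = (urlparse(url).hostname or "").lower()
        # Relative URLs have no host, so they stay on the site.
        same = host == self.site_host or host.endswith("." + self.site_host)
        return bool(host) and not same

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in URL_ATTRS.get(tag, ()):
            url = attrs.get(name) or ""
            if not self._offsite(url):
                continue
            path = urlparse(url).path.lower()
            if tag == "iframe":
                self.findings.append(("offsite-iframe", url))
            elif path.endswith(".jar"):
                self.findings.append(("offsite-jar", url))
            elif tag == "script" and any(lib in path for lib in FINGERPRINT_LIBS):
                self.findings.append(("offsite-plugin-detect", url))

def scan_html(html, site_host):
    """Return (label, url) findings for one page served from site_host."""
    scanner = RemoteLoadScanner(site_host)
    scanner.feed(html)
    return scanner.findings

if __name__ == "__main__":
    for label, url in scan_html(SAMPLE, "shop.test"):
        print(label, url)
```

A finding is a prompt to review the page source and recent file changes, since a site may legitimately embed third-party frames; the copy of deployJava.js served from the site's own subdomain is deliberately not flagged.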


