Mal/ExpJS-BH Description

Type: Adware

Mal/ExpJS-BH refers to Web pages that have been injected with a malicious JavaScript that is associated with what is presently starting to be recognized as the Glazunov Exploit Kit. Like the Redkit Exploit Kit, this is one of the many newer exploit kits that are attempting to dethrone what remains without question the main exploit kit on the market, the Black Hole Exploit Kit. These malicious exploit kits are often associated with JavaScript Trojans that are specifically designed to force computer users to become exposed to the malicious Web page containing the exploit kit. Mal/ExpJS-BH is one of these types of malware attacks.

Essentially, criminals create attack websites that contain an exploit kit to attack visitors' computers. These are essentially malware infections designed to attempt to take advantage of a large number of known vulnerabilities in the infected computer's computer in order to infect it with malware. However, the key to these attacks is actually forcing computer users to visit the websites containing the exploit kit. That is where Mal/ExpJS-BH and other JavaScript Trojans come in.

Typically criminals can compromise a legitimate website so that it will redirect computer users to an attack website containing the exploit kit. Legitimate websites can be compromised in a variety of ways, but this typically occurs because the affected website contains outdated software or is using weak passwords. Basically, a malicious iFrame is injected into the compromised website which, taking advantage of vulnerabilities in JavaScript, loads automatically in the background and forces the victim's Web browser to open the attack website containing the exploit kit.

How the Mal/ExpJS-BH JavaScript Trojan Goes One Step Beyond Other Similar Attacks

Mal/ExpJS-BH has caught the attention of PC security researchers because its redirect goes one step further in ensuring that victims are exposed to malicious content. The compromised website is not merely injected with a redirect Trojan. Rather, the entire website is compromised in some way. Tthe Mal/ExpJS-BH attack involves a JavaScript component that loads a remote PluginDetect or DeployJava libraries and another one that forces the target to load a JAR file located on a remote server. This JAR file is, of course, malicious and exposes the victim to an exploit kit and to other malicious content. Presently, Mal/ExpJS-BH is being used mostly to distribute Police Ransomware Trojans.

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.