Threat Database Trojans Trojan.Zbot.HXT


By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 6
First Seen: November 20, 2012
Last Seen: July 24, 2020
OS(es) Affected: Windows

Trojan.Zbot.HXT is a Trojan that targets Opera users. Trojan.Zbot.HXT takes over the default Opera's portal page with an obfuscated redirect, which results in the Blackhole exploit kit. The script, found as Backdoor:Win32/Godo.A is loaded through third-party malicious advertisements, known as malvertising, which is a popular and successful technique used by scammers to hack commercial websites that accept advertising. Trojan.Zbot.HXT embeds an iFrame that loads infectious content from a distant source. If the Opera user hasn't changed the default homepage, active malicious content is loaded from a third-party website 'g[removed]' once they open their Internet browser. This malicious website covers the BlackHole exploit kit, which might be served with the sample via a PDF file equipped with the CVE-2010-0188 exploit, that will affect the targeted computer system with a variation of ZBot Trojan, identified as Trojan.Zbot.HXT.


Most Viewed