Trojan.Zbot.HXT is a Trojan that targets Opera users. Trojan.Zbot.HXT takes over the default Opera's portal page with an obfuscated redirect, which results in the Blackhole exploit kit. The script, found as Backdoor:Win32/Godo.A is loaded through third-party malicious advertisements, known as malvertising, which is a popular and successful technique used by scammers to hack commercial websites that accept advertising. Trojan.Zbot.HXT embeds an iFrame that loads infectious content from a distant source. If the Opera user hasn't changed the default homepage, active malicious content is loaded from a third-party website 'g[removed]750.com/in.cgi' once they open their Internet browser. This malicious website covers the BlackHole exploit kit, which might be served with the sample via a PDF file equipped with the CVE-2010-0188 exploit, that will affect the targeted computer system with a variation of ZBot Trojan, identified as Trojan.Zbot.HXT.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.