Trojan.Zbot.HXT is a Trojan that targets Opera users. Trojan.Zbot.HXT takes over the default Opera's portal page with an obfuscated redirect, which results in the Blackhole exploit kit. The script, found as Backdoor:Win32/Godo.A is loaded through third-party malicious advertisements, known as malvertising, which is a popular and successful technique used by scammers to hack commercial websites that accept advertising. Trojan.Zbot.HXT embeds an iFrame that loads infectious content from a distant source. If the Opera user hasn't changed the default homepage, active malicious content is loaded from a third-party website 'g[removed]750.com/in.cgi' once they open their Internet browser. This malicious website covers the BlackHole exploit kit, which might be served with the sample via a PDF file equipped with the CVE-2010-0188 exploit, that will affect the targeted computer system with a variation of ZBot Trojan, identified as Trojan.Zbot.HXT.