Homepage BitDefender newsroom
Register as BUSINESS Register as PR AGENCY Register as JOURNALIST

Opera users exposed to Blackhole through browser homepage

Announcement posted by BitDefender 15 Nov 2012

SYDNEY/AUCKLAND November 15, 2012 – For at least the last few hours, Opera users have been exposed to e-threats coming from the notorious Blackhole exploit pack. Earlier today, the Bitdefender automated scan systems alerted us to the fact that a malicious obfuscated script loaded by hxxp://portal.opera.com address redirects users towards a malicious page hosting the notorious Blackhole exploit. Most likely, the script has been loaded through third-party advertisement, a practice commonly known as malvertising.

The hidden and obfuscated piece of code in the Opera Portal homepage inserts an IFrame that loads malicious content from an external source. If the Opera user hasn’t changed their default homepage, active malicious content is loaded from a third-party website (g[removed]750.com/in.cgi) whenever they open their browser.

This malicious page harbours the Blackhole exploit kit (we got served with the sample via a PDF file rigged with the CVE-2010-0188 exploit) that will infect the unlucky user with a freshly-compiled variant of ZBot, detected by Bitdefender as Trojan.Zbot.HXT. The ZBot malware is on a server in Russia which, most probably, has also fallen victim to a hacking attack, allowing unauthorized access via FTP.

Bitdefender detects the obfuscated script as Trojan.Script.478548; the offending page loaded by the Opera Portal was also blocked since the emergence of the attack via the cloud URL blocker.

If you have any doubts about whether you have fallen victim to this stunt, you should run a 60-second QuickScan available on the Bitdefender Quickscan website.

This article is based on the technical information provided courtesy of Cristina Vatamanu and Răzvan Benchea, BitDefender Virus Analysts.

###

For further information about Bitdefender, please contact

Anna Barnes
Howorth Communications
02 8281 3802

anna@howorth.com.au

About Bitdefender®

Bitdefender is the creator of one of the world's fastest and most effective lines of internationally certified internet security software. Since 2001, the company has been an industry pioneer, introducing and developing award-winning protection. Today, Bitdefender technology secures the digital experience of around 400 million home and corporate users across the globe.

Recently, Bitdefender won a series of important awards and accolades in the global security industry, including “Editor’s Choice” by PC Mag for Bitdefender Antivirus Plus 2013 and the “GoldAward” by TopTenREVIEWS that confirmed the software’s top spot among 25 tested security products. Bitdefender antivirus technology has also finished top in leading industry tests from both AV Test and AV-Comparatives. More information about Bitdefender's antivirus products is available from the company's security solutions press room. Additionally, Bitdefender publishes the HOTforSecurity blog, a sizzling blend of steamy computer security stories and stimulating visuals that spotlights the seedy underworld of internet fraud, scams, malicious software – and gossip.