New spawn of JS/Agent aka JSTrojanDownloader.HackLoad.AH trojan

Various predecessors of this malware have been closed, this however was given to-day: htxp://zulu.zscaler.com/submission/show/dd0f84734642ce05094392411b2bbc74-1336420983
avast should detect this as JS:Redirector-RO [Trj]aka Blackhole aka JSTrojanDownloader.HackLoad.AH trojan
Suricata /w Emerging Threats
Timestamp Source IP Destination IP Alert
2012-05-07 22:04:16 urlQuery Client 31.210.50.42 ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder plus index.html
the above according to IDS at: htxp://urlquery.net/report.php?id=52043

reported to virus AT avast dot com,

polonus

URLVoid 3/31: http://urlvoid.com/scan/sebatemlak.net/

I wish it stayed up a little longer. To see how the exploit looked like :-\

Hi !Donovan,

Here the analysis of an exemplar that is still alive and “kicking mischief”: http://anubis.iseclab.org/?action=result&task_id=105cf5c44479650b4a59457f0df870487
Avast is detecting this malware as JS:Redirector-RO [Trj],

polonus