Opera portal redirected users to a malicious resource
According to Bitdefender, the Opera browser portal website (portal.opera.com) for several hours redirected users to a page with a set of Blackhole exploits.
One of the BlackHole features most appreciated by cybercriminals is the sophisticated traffic direction script (TDS), which supports very complex actions.
A complex malicious script was executed on the portal website, which placed an iframe element with the contents of a remote resource on the main page. Most likely, the script was uploaded using the advertisement placed on the portal.
According to the researchers, “This malicious page contains a set of BlackHole exploits (we got an example with a PDF file exploiting vulnerability CVE-2010-0188), which strikes an unsuccessful user with a freshly compiled ZBot.”
Bitdefender employees also noted that the ZBot was downloaded from a Russian-based the server, which most likely was also hacked.
Users who visit this site are encouraged to check their system for malware.
A detailed report can be found to hack