Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Virus Guy
February 17, 2014, 3:31 pm
rate this thread
trigger a browser exploit of some sort, so handle this with care:
The server responds with this:
Just in case the above would have executed for some readers, I replaced
this news server a "line too long" error, so I broke the line after the
";" in various locations (if it matters).
What does that script decode to, or try to do?
above and given some sort of report or decoded result?
VT URL scan gives 2 / 53 in terms of detection as a malicious site
(based on IP / domain of URL and not on contents or files returned?)
VT scan on "sensors.php" returns 2 / 50:
Avast JS:Redirector-BOX [Trj]
Another URL from another recent spam:
I posted that before I noticed the full output of jsunpack.jeek.org:
/*** called setTimeout with window.top.location.href=lufrv2;, 0 */
//jsunpack.url var lufrv2 = http://nursingpharm. com
//jsunpack.url var newurl = http://nursingpharm. com
So nothing exciting, apparently...
Made Avast on this machine squawk. Can't open either your OP or FTR's
response to it.
None are so hopelessly enslaved, as those who falsely believe they
are free. The truth has been kept from the depth of their minds by
masters who rule them with lies.
-Johann von Goethe
+ User FidoNet address: 1:3634/12.71
On Sun, 16 Feb 2014, Virus Guy wrote to All:
VG> avast!: Message body was removed because it contained a virus.
distributing viruses are we? ;) looks like the gateway stripped it to protect
those of us on this side of it :)
VG> ___ NewsGate v1.0 gamma 2
VG> - Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
One of the great tragedies of life is the murder of a beautiful theory by a
gang of brutal facts. --Benjamin Franklin
+ The FidoNet News Gate (Huntsville, AL - USA) +
+ The views of this user are strictly his or her own. +
+ All data is scanned for malware by Avast! Antivirus +
This email is free from viruses and malware because avast! Antivirus protection is active.
- » Data theft from US retailer Target linked to HVAC company(!)
- — Next thread in » Anti-Virus Software
- » New viral sample (Feb 10 / 2014) ZUAT / Zbot / AXIX
- — Previous thread in » Anti-Virus Software