Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

"Inheritest the Lions Den" ?? spammed website, suspect javascript

0 views
Skip to first unread message

nobody >

unread,
Nov 22, 2009, 4:55:49 AM11/22/09
to
Spammed at me, definite social engineering here (curiosity factor)


Mr Quangle Wangle, grant us that?
hxxp:/**/myguestbook.h1.ru/jeopardized.html

mqnjzolw


I'm no js expert, all I know is how to spot it. Anyone here want to
tackle it?

URL "defanged". Don't go there unless you *know* what you are doing.

Just as an aside, I use http://web-sniffer.net/ to look at any suspect
website as a web-based "raw browser". I'd love to see what those people
who make their URLs track IPs think when they see where it goes..

If the site's gone, email me for a text file saved of the contents.

Ant

unread,
Nov 22, 2009, 10:20:05 AM11/22/09
to
"nobody >" wrote:

> hxxp:/**/myguestbook.h1.ru/jeopardized.html

> I'm no js expert, all I know is how to spot it. Anyone here want to
> tackle it?

The script in the head element starts like this:
evf1=[112,99,97,99,116,...

All that does is set the window.location to kecacbt.cn which is a fake
pills site. No malware involved as far as I can tell. The rest of the
page is just ad-click stuff.


0 new messages