Mr Quangle Wangle, grant us that?
hxxp:/**/myguestbook.h1.ru/jeopardized.html
mqnjzolw
I'm no js expert, all I know is how to spot it. Anyone here want to
tackle it?
URL "defanged". Don't go there unless you *know* what you are doing.
Just as an aside, I use http://web-sniffer.net/ to look at any suspect
website as a web-based "raw browser". I'd love to see what those people
who make their URLs track IPs think when they see where it goes..
If the site's gone, email me for a text file saved of the contents.
> hxxp:/**/myguestbook.h1.ru/jeopardized.html
> I'm no js expert, all I know is how to spot it. Anyone here want to
> tackle it?
The script in the head element starts like this:
evf1=[112,99,97,99,116,...
All that does is set the window.location to kecacbt.cn which is a fake
pills site. No malware involved as far as I can tell. The rest of the
page is just ad-click stuff.