Someone sent me this link: htxp://contagiodump.blogspot.no/
Then avast Networkshield alerted me to BV:DelFiles-B[Trj] in the browser executable process.
Boy, am I glad to have that avast Networkshield installed.
I have to say that before the alert, I had to lift the NoScript blocking of that malware…
Given benign here: http://zulu.zscaler.com/submission/show/4f546320e6ffaf77d3aba45da7c1b87e-1354366764
4 potentially suspicious files
wXw.blogger.com/post-edit.g?blogID=7885177434994542510&postID=5116555681441968371&from=pencil
File size[byte]:
80964
Threat type:
Potentially Suspicious
Details:
Detected hidden reference to external web resource.
Reason:
Detected generation of hidden DOM element [iframe].
MD5:
C50CF6DB56B8DE527799A68294FF4D04
Scan duration[sec]:
0.175000
twitter dot com/%23%21/search/contagiodump
File size[byte]:
66150
Threat type:
Potentially Suspicious
Details:
Detected procedure that is commonly used in suspicious activity.
Reason:
Too low entropy detected in string ‘/[1]*[a-z_----------------------’ of length 213 which may points to obfuscation or shellcode.
MD5:
1B0274E1A26B9C447A8C0FB61D93838B
Scan duration[sec]:
0.135000
community.rapid7 dot com/community/metasploit/blog/2012/09/16/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit
File size[byte]:
116215
Threat type:
Potentially Suspicious
Details:
Detected potentially suspicious content.
Reason:
Detected potentially suspicious initialization of function pointer to JavaScript method document.write __tmpvar971250210 = document.write;
MD5:
241758146B4C42C6A01AAF8E0926D787
Scan duration[sec]:
3.383000
wXw.blogger.com/post-edit.g?blogID=7885177434994542510&postID=6269574680922556213&from=pencil
File size[byte]:
80943
Threat type:
Potentially Suspicious
Details:
Detected hidden reference to external web resource.
Reason:
Detected generation of hidden DOM element [iframe].
MD5:
2FFA9DD1099A8871D6D348A1455EDC57
Scan according to Quttera scan results …
polonus
a-z0-9_------------------------------------------------------------- ↩︎