Avast Web Shield detects exploit used...

Avast webshield detects JS:CVE-2009-0075-A[Expl] here: http://urlquery.net/report.php?id=123449
See: https://www.virustotal.com/file/caaa8129a285c4d4c8def9d1032a35b3e144d2d98a047097e1dd617a7e925efd/analysis/
See for the malcious code method: http://power4247.tistory.com/m/post/view/id/211 (author = Kwan)
What we explore there:
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Length 65536 /warning CVE-NO-MATCH Shellcode NOP len 524282 /warning CVE-NO-MATCH Shellcode NOP len 198528 /warning CVE-NO-MATCH Shellcode Engine Binary Threshold /warning CVE-NO-MATCH Shellcode NOP len 1551
suspicious: shellcode of length 976/488
malicious: XOR key [shellcode]: 189

pol

Threat still with us to-day: a suspicious code: https://urlscan.io/result/8d4663cf-9f09-4ff4-b17d-bc086644ee77/content/

and the error or “mock” analysis here:

suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold -cdn.augur.io/augur.min.js suspicious [suspicious:5] (ipaddr:104.20.141.21) -cdn.augur.io/augur.min.js status referer - saved 38538 bytes ddf7121abcf24e645ab7a48bc1ac44e559e07218 info: [decodingLevel=0] found JavaScript error: line:21: SyntaxError: missing } after function body: error: line:21: f(v)>-1&&(r("surpress",e.error),e.preventDefault(),F||(e.stopPropagation(),e.stopImmediatePropagation()))})}),u.augur=new L) error: line:21: ...^ suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
above code is being blocked by uBlock Origin. On error -> There is a syntax mistake when creating a function somewhere. Also check if any closing curly brackets or parenthesis are in the correct order. Indenting or formatting the code a bit nicer might also help you to see through the jungle. (info source developer.mozilla.org).

polonus (volunteer website security analyst and website error-hunter)