Anyone?
The hack in the code is redirecting, see here: htxp://siteinspector.comodo.com" target=“_blank”> < img alt=“Site inspector” src=“^^/images/logo.png?^^1348574868”
going to pr0n…
Now I get:
nfo: [img] siteinspector.comodo dot com/images/main/q4_2.png (data vector)
info: [decodingLevel=0] found JavaScript
error: undefined variable $
error: undefined function $ (referencing something that does not exist!)
suspicious:
Yes I am aware there are a couple of these tricks being used by malcreants:
One is detecting whether a sandbox or VM is present and then malware stops to function.
Another one is detecting mouse activity, if mouse driven traffic is not detected the malware stops functioning,
A third one is going into sleep mode for some time and then activate or re-activate.
All of these methods are known to circumvent av detection, and are known to be used now.
In the above case apart from the reasons you mention another could be that with two functions each calls the other in large javascript code bases.
And I think that is what caused it here. Or it could just have been simple recursion causing it.