Hi malware fighters,
It is not easy to get the malcode bird, running around with salt to spray on it’s tail, but results can be contradictory and very shortlived. Want an example here we go trying to catch it (found 5 suspicious obfuscated scripts so far):
Compare: http://safeweb.norton.com/report/show?name=robanoxa.com infected
to: http://www.unmaskparasites.com/security-report/?page=http%3A//robanoxa.com clean
also this: http://scanner.novirusthanks.org/analysis/e317cd29bf4f7a4218fe7aa5e024b334/aW5kZXg=/ clean
http://wepawet.iseclab.org/view.php?hash=72f3f5cd4a7340f58d57389e970765bf&t=1272999723&type=js benign
That is how short lived malware sites can be
hxtp://jsunpack.jeek.org/dec/go?report=c024cf6ccc5e6826c99da8169740b567474c6a29
The site was redirected to malcode from this malware site: huyandex*com
with 5 suspicious inline scripts: http://www.unmaskparasites.com/security-report/?page=http%3A//huyandex.com
apparently suspicious and malicious, again here given as clean:
http://safeweb.norton.com/report/show?url=huyandex.com&x=7&y=7
Not good: http://www.mywot.com/en/scorecard/huyandex.com
Checking at DrWeb online URL checker: hxtp://huyandex.com/core/js/jquery/jquery.validate.js
File size: 34.53 KB
File MD5: 2e86cb2590f137a905bbf0cc71afcbde
Good there is NoScript inside the mozilla browser to protect us and the added protection of the avast shields,
against the ever changing waves of malcoded websites on the world wide web,
polonus