Facebook Scam/Iframe Not detected.

Viruses and worms
1

See:
http://zulu.zscaler.com/submission/show/10c1921f7b5605e2a3f29d02b93aacd9-1403800413

Flagged by sophos: https://www.virustotal.com/en/file/37801753509b5cea308e519daa5431bb74bd579364bc3df059dffc9e3f87c6e0/analysis/1403800736/

Reported to virus AT avast DOT com.

2

Hi True Ind,

A rather interesting find and thanks for reporting it to our community members,

Must have been taken down in the mean time as I get:
htxp://futurell.pw/man-aliive/links.php
Page Response Status
htxp://futurell.pw/man-aliive/links.php
500 Can’t connect to futurell.pw:80 (Bad hostname)
Content-Length: 154
Content-Type: text/plain
clean
htxp://futurell.pw/test404page.js
500 Can’t connect to futurell.pw:80 (Bad hostname)
Content-Length: 154
Content-Type: text/plain
clean

which is being confirmed for that IP here by Viruswatch Archives: Down: NA RIPE NL 188.122.72.112 to 188.122.72.112 188.122.72.112 htxp://188.122.72.112:8080/19FD8102DFF53A4B2D3A55A5C680D15EE00CB9A66D

Flagged here: http://urlquery.net/report.php?id=1403803270060 (site not suitable for minors)

IDS alerts, two instances of “ET INFO HTTP Request to a *.pw domain” with threat severity 2 for
“NUCLEAR PACK EXPLOIT KIT” - users with vulnerable java are exploitable through this malcode.

polonus

3

Hi Pol,

Good to see your analyzing skills back agin.Thanks for the analysis.Interesting stuff really.

True Indian.