See: http://code.google.com/p/malwaremustdie/wiki/DGA_Research_Tips
Enough of the code - innocent there - exposed to alert avst Web Shield.
Where the malcode was found, well here - see the red javascript section - http://www.urlquery.net/report.php?id=626085
polonus
Same story only told in a slightly different way: http://labs.sucuri.net/?details=lazgbo.mynumber.org
From another angle IPs involved: http://pastebin.com/Y7rnut0t
Also our forum friend - !Donovan - published about this on his WAR site.
polonus
first obfuscated
https://www.virustotal.com/en/file/f89cd4399865904ae5670b4ec04fc359371eefcb15d995448ba0a43eb4acdff6/analysis/1384987004/
second obfuscated
https://www.virustotal.com/en/file/ae4c4a855a9b450f2838b300e1415b926adefebb5f79bafe41505e5f405df0df/analysis/1384987017/
Hi Pondus,
Well, bravo for Norman detection here. I hope avast! will follow put.
Thank you very much for checking this out for all of us that are trying to aid avast! detection.
I know we can always rely on you, Pondus.
Well done!
polonus