Malware here: hxtp://www.fabulart.es/fiestas_infantiles.htm
c:\documents and settings\user\local settings\temporary internet files\content.ie5\k3rvotvy\pompas1[1].gif
another drive-by-download: hxtp://www.fabulart.es/gif%20y%20flash/pompas1.gif
Trojan gifname heuristic find - is this real?
Tried to find that out via the bad iFrame checker:
No zeroiframes detected!
Check took 3.51 seconds
(Level: 0) Url checked:
htxp://www.fabulart.es/gif%20y%20flash/pompas1.gif
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (iframe source)
htxp://adforce.imgis.com/?adiframe|2.0|34|136702|1|1|adforce;
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (iframe source)
htxp://ads2.drivelinemedia.com/html.ng/params.richmedia=yes&group=park&cid=201384&position=footbanner1&sid=imgis.com&search=information+systems&adsize=728x90&supercat=other&cat=other&subcat=other&country=fi&domain=imgis.com&transactionid=3525775534176841057&city=null&st=null&bizcat=null&refine=null
Blank page / could not connect
No ad codes identified
(Level: 2) Url checked: (script source)
htxp://adforce.imgis.com//inc/homepage.js
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
htxp://adforce.imgis.com/?addyn|2.0|34|136702|1|1|adforce;loc=700;
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (iframe source)
htxp://ads2.drivelinemedia.com/html.ng/params.richmedia=yes&group=park&cid=201384&position=footbanner1&sid=imgis.com&search=information+systems&adsize=728x90&supercat=other&cat=other&subcat=other&country=fi&domain=imgis.com&transactionid=3525775548856840066&city=null&st=null&bizcat=null&refine=null
Blank page / could not connect
No ad codes identified
(Level: 2) Url checked: (script source)
htxp://adforce.imgis.com//inc/homepage.js
Blank page / could not connect
No ad codes identified
Then the attached code is at least suspicious to me, see: htxp://jsunpack.jeek.org/dec/go?report=227105a447255b7fa44fadb57890abae9dca0a55