Hi malware fighters,
Just for the fun of it I gave the code of a very well know Dutch site into jsunpack, I was startled to find suspicious code:
htxp://jsunpack.jeek.org/dec/go?report=639f39b5c0b9cde0e5d93cab746c076dc70c6a54
and well here: wXw.buienradar.nl/ScriptResource.axd?d=etc
See attached picture…
Can someone analyze?
Well, heavily obfuscated, but it seems benign: http://wepawet.iseclab.org/view.php?hash=4e8cb6e96f2ff0276df63a5b89ff6100&t=1276111333&type=js
avast comes up with: JS:Pdfka-WI [Expl] exploitation
detected as a FP here: http://forum.avast.com/index.php?topic=43660.0
polonus