JS malware not detected...

Location of malware: script source: htxp://inetrate.info/3
See: http://www.unmaskparasites.com/web-page-options/?url=http%3A//inetrate.info/3&susp=1&sb=1
Sucuri finds: Malware found in the URL: htxp://inetrate.info
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:OSCOM:1

Blacklisted javascript included on: http://inetrate.info
Javascript included from a blacklisted domain. Details: http://sucuri.net/malware/entry/MW:BLK:2
Javascript:: nt07 .in
http://sucuri.net/malware/malware-entry-mwjs519
Filescan: http://www.virustotal.com/file-scan/report.html?id=25a32e3a879fee965981791d8e0ff44fc69fad5dbd07c93eeb37279d42a400af-1300672737
See what it writes here: http://wepawet.iseclab.org/view.php?hash=90218f40c3762738149130b4551d9208&t=1300828590&type=js
nested script block - exploitable bug…

polonus

Hey Pol :slight_smile:

Looked at that script with malzilla, and jsunpack seems to suggest that the script leads nowhere ???

Seems that it did at one point lead to the nt site you mention, now though, I am not sure…

Scott

As malware may be short-lived, it may no longer be there, as the source link of the script has been taken down.
I will try to verify with netirk. Sometimes they are somewhat longer blocked by unmasked parasites etc.
But detection should be available for the exploit if the malware may appear in other sites, and not only by Kaspersky’s…

polonus

Long suspicious script not found here:
http://www.virustotal.com/url-scan/report.html?id=05ca12d9a9c0033226f3bf067dbdb7fc-1300829138
file analyzed here: http://www.virustotal.com/file-scan/report.html?id=ab146843ff2054caa914dc4eba4b6f16bb329571fd25af5daaabf18f283611cb-1300832981
look here: http://www.google.com/safebrowsing/diagnostic?site=perlovkablog.uv.ro

polonus