Malicious VBS script detected here...

Hi malware fighters,

For the script see analysis here:
htxp://jsunpack.jeek.org/dec/go?report=7c4d6fe0548f7d978a575e6870a51902aaf20126
Here it is not detected, but reported as a possibility:
http://wepawet.iseclab.org/view.php?hash=1e696cac008fb8e642df536ba923ffd2&t=1276294790&type=js
Technical details:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-111215-5430-99&tabid=2

Various instances found: Virus
Threats found: 6

Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/presentations.html

Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/publications.html

Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/index.html

Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/online_courses.html

Threat Name: VBS.Invadesys.A
Location: hxtp://www.andrews.edu/~marinho/

Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/index2.html

Heuristic Virus

Threats found: 4
Here is a complete list:
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/index2.html

Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/online_courses.html

Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/publications.html

Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/index.html

Drive-By Downloads 

Threats found: 1
Here is a complete list:
Threat Name: VBS.Invadesys.A
File name: c:\windows\system32.vbs
Location: htxp://www.andrews.edu/~marinho

part of VBS code see attached gif

VirusTotal - presentations.html - 27/40
http://www.virustotal.com/analisis/1750a53cf4f9b56dcb67a25c08d92ae64aad6bf5d24190277459d231052f654e-1276296812

Virustotal - marinho.htm - 1/41
http://www.virustotal.com/analisis/66d6173d0bb31059e3e6560e898a623c09bacdc45962e5ae476ea7701e3a0507-1276297933

Hi Pondus,

So the script is detected, so I guess the site is then disconnected as well?
The second one was well worth reporting, hope avast will come to detect it soon…

pol