Hi malware fighters,
For the script see analysis here:
htxp://jsunpack.jeek.org/dec/go?report=7c4d6fe0548f7d978a575e6870a51902aaf20126
Here it is not detected, but reported as a possibility:
http://wepawet.iseclab.org/view.php?hash=1e696cac008fb8e642df536ba923ffd2&t=1276294790&type=js
Technical details:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-111215-5430-99&tabid=2
Various instances found: Virus
Threats found: 6
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/presentations.html
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/publications.html
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/index.html
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/online_courses.html
Threat Name: VBS.Invadesys.A
Location: hxtp://www.andrews.edu/~marinho/
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/index2.html
Heuristic Virus
Threats found: 4
Here is a complete list:
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/index2.html
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/online_courses.html
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/publications.html
Threat Name: VBS.Invadesys.A
Location: htxp://www.andrews.edu/~marinho/index.html
Drive-By Downloads
Threats found: 1
Here is a complete list:
Threat Name: VBS.Invadesys.A
File name: c:\windows\system32.vbs
Location: htxp://www.andrews.edu/~marinho
part of VBS code see attached gif