See: http://maldb.com/austinbarker.net/
Spam check: Suspicion of Spam
htxp://www.hotud.org/" title=“payday loans”>payday loans
Quttera also detects 2 sispicious files here: (Compacted using Packer in PHP)
/modules/mod_rokajaxsearch/js/rokajaxsearch.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘this var=if new({Element:“options.inject”,class:{'function':div,'arrow':selectedEl,'left':goog’]] of length 9910 which may point to obfuscation or shellcode.
Threat dump: http://jsunpack.jeek.org/?report=169734b13eb9cb40de81f03274d27e8b00696637
File size[byte]: 15933
File type: ASCII
MD5: 02DA0CC0BBA4D40702EA5FA7FD5AC036
Scan duration[sec]: 0.497000
/plugins/system/rokbox/rokbox.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method write __tmpvar1083890297 = write;
Threat dump: http://jsunpack.jeek.org/?report=cff0a2a31ace7b2f3bc35fa33b8fb13eab25ead1
File size[byte]: 22076
File type: ASCII
MD5: 764636E4B741E13F6D3BCED66420A102
Scan duration[sec]: 0.162000
avast! Web Shield blocks this code as JS:Agent-HA[Trj] here → htxp://stackoverflow.com/questions/2731345/what-exactly-does-this-piece-of-javascript-do
pol
Awfully glad I can inform all of us here we have protection from the site’s malcode
again through the marvelous avast! Webshield that blocks this as it detects:
JS:HideLink-A[Trj]
Chapeau to all developers of avast! Webshield. avast team’s Vlk and Milos well done!
Damian