See: http://wepawet.iseclab.org/view.php?hash=002700232da58542a52a8771c574383d&t=1305320485&type=js
adware links to: http://www.urlvoid.com/scan/liveinternet.ru (suspicious)
and to this: http://www.urlvoid.com/scan/top.mail.ru (suspicious)
Re: htxp://jsunpack.jeek.org/dec/go?report=3799b42144cc0f1792b124291d1b17360e00728f
Visit above link only when security aware, with ample script protection and sandboxed
Apart from the counter code the site seems secure…http://www.webutation.net/go/review/beertop.ru
Sucuri site check:
web site:
htxp://www.beertop.ru
status:
Site verified to be secure and free of malware.
web trust:
Site not blacklisted, but bad reputation: WOT: http://www.mywot.com/en/scorecard/beertop.ru
polonus
Norman analysis - infected
wxw.beertop.ru.htm : Processed - Agent.VBIF
Hi Pondus,
Thanks for the conformation of this being malware.
As always it is valuable additional information you are providing,
site also had been part of the Nosferatu malware campaign:
re; http://research.zscaler.com/2011/03/webfusion-nosferatu-seofakeav-campaign.html (article source Zscaler blog, March 7 last)
because we see code with this link going here:
hxtp://www.liveinternet.ru/click
re: http://wepawet.iseclab.org/view.php?hash=002700232da58542a52a8771c574383d&t=1305320485&type=js
Damian