See: http://urlquery.net/report.php?id=128564
scrpt source = htxp://d2.zedo.com/jsc/d2/fo.js with suspicious code from d2.zedo.com/jsc/d2/fo.js
XSS inscription injection detected: http://xss.cx/examples/dork/xss/3.22.2011.dork-xss-report.html
see: http://xss.cx/examples/dork/xss/3.22.2011.dork-xss-report.html#2.2
See http requests and DNS request in Sophos’s Detailed Analysis: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~VB-EXA/detailed-analysis.aspx (also going to this request source)…FILEMAGIC Macromedia Flash data (compressed) on http://urlquery.net/report.php?id=96773
polonus