wXw.blogger.com/static/v1/widgets/2271878333-widgets.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘%26tran=%26npn=1%26=%26=%26=%26=%26=%26=%26#falsefontFamilyfontFamily=%26true=%26=%26=%26I=%26true=%26=%26=%26=%26=%26I=%26=%26=%26=%26=%26=%26=%26=%26=%26=’]] of length 104 which may point to obfuscation or shellcode.
Threat dump: *
Threat dump MD5: 8F29EF73A1D7DCC46A744FDA44397451
File size[byte]: 90737
Object: htxp://adictosalaspollas.blogspot.com/2011/07/art-women-cold-nudes_6.html
SHA1: 709652c87ecc52bc15f4838574d96e41ceaf3d0a
Name: TrojWare.JS.TrojanClicker.FbLiker.A
File type: ASCII
MD5: C854B114DE8AA773046F868953C7018A
Scan duration[sec]: 4.057000
Also missed here: http://urlquery.net/report.php?id=1411764554379
See code image attached *
See also: http://jsunpack.jeek.org/?report=865cd48a1737ad10856c843fd7ec3385204f7686
Above link for security researchers only- open with NoScript active and in a VM to be more secure!
polonus