This code html steals user login on Orkut.
No antivirus can detect it.
EDIT.
Help analysts team !!!
This code html steals user login on Orkut.
No antivirus can detect it.
EDIT.
Help analysts team !!!
dont post malware code in the forum, if/when detected by any AV the alarm will go of for everyone entering the forum
edit you post and remove it
if you want to post it, take a picture of the code an post the picture
Code sample sendt avast
I have attached the code image in post.
It was good?
It was good?dont understand ?
My english is poor …
My english is poor ...
Ya it is good.
Thanks very much !
SOPHOS analysis
2011-04-18 01:48:34 This appears to be from a legit social networking site made by Google. It requies Javascript to be enabled, even to see "Help" or "About" pages - bad Google! There does not appear to be any malicious code or malicious redirection involved.
Avira analysis
The file 'ScriptA.txt' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
But this code takes advantage of security flaws inside Orkut.
I captured this code from a spam post in a community.
Surely it is malicious.
I am still waiting on Norman analysis
I some how had a feeling that the site underlined in the image(see pic nmb0A) is suspicious. I still feel its true.
See Anubis report here :o See summary(pic nmb0B)
Someone should take a look.
NORMAN analysis say
Added detection for this. So closing the case. - Processed - JS/Agent.PP
More info can be found here - http://translate.google.co.in/translate?hl=en&sl=pt&u=http://www.google.com.br/support/forum/p/orkut/thread%3Ftid%3D6a51c774b448b1dd%26hl%3Dpt-BR&ei=dl6tTa3GLMGRgQf6s9mHDA&sa=X&oi=translate&ct=result&resnum=1&ved=0CB4Q7gEwAA&prev=/search%3Fq%3Dhttp://96.9.168.172%26hl%3Den%26biw%3D1366%26bih%3D628%26prmd%3Divns
So it is
Hi nmb and pondus,
Sheer coincidence? Finding up this link!: htxp://pastebin.com/Rcr5CUVU
See: http://whois.domaintools.com/tudoaver.net (domain does not exist anymore or is unaccesible)
polonus
I can’t see that string posted on http://whois.domaintools.com/tudoaver.net Can you post a screenshot of it, sir Pol?
Hi nmb,
Here you go, see attached gif,
also info here: http://www.whoisentry.com/domain/tudoaver.com
pol
well, after Omid Farhang had a little talk with Avira…they added detection
Thanks! :
And Avast ???
Nothing !