See: http://urlquery.net/report.php?id=4466625
See: http://support.clean-mx.de/clean-mx/viruses.php?ip=60.199.243.219&sort=id%20DESC
avast! web shield blocks this malware!
as here - blocked by avast! Web Shield: hxtp://urlquery.net/report.php?id=4382685 as JS:iframe-CSDU[Trj]
and here: htxp://urlquery.net/report.php?id=4725554
and here: htxp://urlquery.net/report.php?id=4107124 also.
So we have detection for TrojWare.JS.TrojanDownloader.Iframe.MAD
polonus
Pondus
2
Hi Pondus,
As we try to scan this via jsunpack, we get an immediate avast webshield alert for JS:Decode-AQC[Trj].
Also see the scan here that has IDS alerts: http://urlquery.net/report.php?id=4856252
ET CURRENT_EVENTS c0896 Hacked Site Response (Inbound) 3 (2230 google results, quite some campaign) *
see: http://www.emergingthreats.net/2013/07/24/daily-ruleset-update-summary-07242013/ (author wmetcalf)
&
INDICATOR-OBFUSCATION obfuscated document command - used in exploit kits - 166.000 results
1:25592 ↔ ENABLED ↔ INDICATOR-OBFUSCATION obfuscated document command - used in exploit kits (indicator-obfuscat snort →
http://exploitsdownload.com/search/WinDows%207/329
polonus
Pondus
4