URL: hxxp://www.bena.sk/itunes/ (DRIVE BY DETECTED)
VT: hxxps://www.virustotal.com/en/url/790bb95d3f65aa61e764c03fe676a591caa18a2f0323b978cdbf26319fac55d0/analysis/1400081477/
Norton: hxxp://safeweb.norton.com/report/show?url=bena.sk
Zulu: hxxp://zulu.zscaler.com/submission/show/e51ca025d5ffa8c8eca0de995ad7f44c-1400081590
Website is blocked by Chrome.
Also detected here: http://killmalware.com/www.bena.sk/itunes → malicious link: htxp://www.bena.sk/itunes/5be33ddf1ffe970da46bb0b73a38e76f/
Also Sucuri fails with detection, and also not detected by http://www.websicherheit.at/en/security-tools/web-security-test-scan-results/
Protection against this malware, read here: http://www.blackhatworld.com/blackhat-seo/shit-list/279491-justhost-just-made-my-shit-list-all-websites-hacked.html#post2523684 (post #10 by tillu)
Decoded I read:
document.write(unescape('<meta HTTP-EQUIV="REFRESH" content="0; url=WebObjects/iTunesConnect.html">') etc. );
HTML Encryption provided by iWEBTOOL.com →
Google safebrowsing blocks htxp://www.bena.sk/itunes/5be33ddf1ffe970da46bb0b73a38e76f/ as a known PHISHing site.
Same phishing reported here: https://www.virustotal.com/nl/url/b83180bd50f7e012251ff1efc8fd17db3619ca40ce20fb5b21af91c1a10154d4/analysis/
pol
1 detection.
Virustotal gives clean when scanning the malicious code inside a text file: https://www.virustotal.com/en/file/dbe5a9acc47cd02478055032cf1bb13c68a6f9468a9c64372c9aaa3a553e3124/analysis/1400084264/