Two examples here:
http://urlquery.net/report.php?id=59730
and
http://urlquery.net/report.php?id=59737
alert: Detected Sakura exploit kit HTTP GET request
Private Russian Exploit Pack since Jan of 2012: http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html (link posting author Steven K.)
See: htxps://www.virustotal.com/url/cfe063a2e43fe39ecdbd02850f5e660457f07866de50f0e85582aa522cf12c2a/analysis/1337978512/
Only urlQuery detections but also several given at Live - Badmalweb for instance as analyzed here: htxp://zulu.zscaler.com/submission/show/2585c50f5aeda6288d009a1bc6987046-1337978800 given 100/100 malicious
What is the status of these pages?
reported to virus AT avast dot com,
polonus
Hi Pondus,
So a Russian Private Exploit Pack, and the first to detect this is Kaspersky’s; good that we have AV detection as well then.
and as you have found Opera blocks these sites,
polonus
Most of the given variables in the exploit are not given twice, thus I think that there is another piece of JavaScript that must first be loaded, as I see no if not (!=) or tries.
Hi !Donovan,
The exploit content is an applet or uricontent:"/load.php? laden and that confirms your observations. This malware can be classified as trojan activity as far as the Snort rules classification states. So to prevent infection and be protected against the payload of this exploit pack, it is important for the common user to have the latest Java version, so being fully updated and patched,
polonus