Howdy folks,
I added a gif image of a script. To me it looks suspicious. What do you think?
polonus
Howdy folks,
I added a gif image of a script. To me it looks suspicious. What do you think?
polonus
The first line tells me it’s no good.
Norman found nothing, but it was mentioned in the listing here: http://malwaredomains.com/updates/20110324.txt
and mentioned here:
http://www.malwaredomains.com/wordpress/?p=1714
as reported to me something might be here: htxp://adserver.fuzzybean.com/www/delivery/fl.js (see malzilla gif attached)
is trojan redirector malware (not dangerous itself, but known to alter shockwave settings)
further see: htxp://jsunpack.jeek.org/dec/go?report=4c35263ce4fd20950ed2f8ec4c7dee8a96b85c26
seen as benign here: http://wepawet.iseclab.org/view.php?hash=c39988364c65a30998a26fc6fcb9ab00&t=1301088385&type=js
Similar malware resides or could have resided here: htxp://www.freelotto.com/xmljs/FL.js
see: http://wepawet.iseclab.org/view.php?hash=eff40cb71cc361ebd56c804d21f3ae60&t=1301088773&type=js
but nothing detected at virustotal: http://www.virustotal.com/file-scan/report.html?id=0a1f3eee6e5779d09481ddb6ccc389ce89281985e5ae12deba46da202d2bbd26-1301088733
probably because it already has been taken out???:
http://jsunpack.jeek.org/dec/go?report=e551bb2202dd84fa6ad8dbd4d777612dcd69fd7c, but malzilla gets it…
polonus