Author Topic: What script virus is this?  (Read 2056 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
What script virus is this?
« on: July 30, 2012, 11:07:24 PM »
See DrWeb's url-check: Checking: htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98
File size: 6751 bytes
File MD5: 8971083460234f35eda5baa069700539

htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98 - archive JS-HTML
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTAG_1[51f][391] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTAG_2[8db][681] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTAG_3[f91][1ab] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTAG_4[1164][37a] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTAG_5[1506][3a4] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTAG_6[18e4][dd] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTAG_7[19ed][55] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTag_8[8e0][67c] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTag_9[f96][1a6] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98 probably infected with SCRIPT.Virus -> us.yimg dot com/a/ya/overture/120x600_112405.gif
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTag_10[1169][375] - Ok
>htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98/JSTag_11[150b][39f] - Ok
htxp://rsrc.ph//adsph/index.html%3Fdn=rsrc.ph&r=658&pid=5POLF2X98 - Ok

Checking: hxtp://rsrc.ph
Engine version: 7.0.2.4281
Total virus-finding records: 3046599
File size: 1591 bytes
File MD5: 03385d07a68ad59f3c905a09a7f3ce28

htxp://rsrc.ph - archive JS-HTML
>htxp://rsrc.ph/JSTAG_1[5ca][53] - Ok
htxp://rsrc.ph - Ok

What is the malicious js script?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: What script virus is this?
« Reply #1 on: July 30, 2012, 11:19:06 PM »
Hi folks,

Certainly an indesirable website, that is infected,
because it has Adframe iFrame malware on it,
going to: src='/adsph/index dot html?dn=rsrc dot ph&r=282&pid=5POLF2X98'

Checking: htxp://index.ht
Engine version: 7.0.2.4281
Total virus-finding records: 3046599
File size: 6249 bytes
File MD5: 51384969b9aa43e7280a0a6487be197c

htxp://index.ht - archive JS-HTML
>htxp://index.ht/JSTAG_1[217][6a7] infected with JS.IFrame.298 (avast should detect this as JS:Redirector-YG [Trj])

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!