Hi malware fighters,
Tried to get this tested here: hxtp://testasp.acunetix.com/Search.asp?tfSearch=if+[+%24%23+-ne+1+]%3B+then++++echo+"Usage%3A+%240+<trojan>"++++exit+1+fi
From a piece of code found here: htxp://xorl.wordpress.com/2009/02/26/trojanizing-gnome-and-kde-desktop-files/
I then got a website alert from the avast shield sign of HTML:script inf found and connection was reset,
well done avast found it before I could....even if I try to load it at jsunpack I get the full avast alert and
disconnect: this time it is found as JS:Downloader-LP [Trj] in .....dec/go
Real trojan was reported here: forum.avast.com/index.php?topic=57510.0
and read here:
http://security.thejoshmeister.com/2010/04/google-analytics-typosquatters-hosting.htmlpolonus
