Yep, my good anti-malcode friend, it is code I would not like to turn around with a stick if it was on my website...
as a general rule I would not trust any code obfuscated in that fashion, be it suspiscious, malicious or benign,
I like to block its access to my browser or OS for that particular reason.
script 1460 bytes
Filetype: UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5: ffa7160820f9ef31fec6cc45b86e80d2
SHA1: 26904226a0f740598aecd4f6ff520799048657d4
The trackers certainly have something to hide, see analysis here:
http://wepawet.iseclab.org/view.php?hash=22a6b09a195d10dc677c41bb24975241&t=1275844664&type=jsand then also look into this: htxp://www.itmakemehappy.com/666/voli9x1.php
open that up with an instance of malzilla and you get some nice obfuscated soup code...
and these finds cannot be omitted, still flagged here:
http://www.malwaredomainlist.com/mdl.php?search=itmakemehappy.comdreamonisland*com is on SURBL lists: PH
itmakemehappy*com is on SURBL lists: PH WS
Not a very good reputation....
Both flock browser and WOT extension stopped me from going here: htxp://daddyseye.net/in.cgi?default
and got this redirecting:
^^^^^^
<meta http-equiv="REFRESH" content="1; URL='htxp://www.itmakemehappy.com/666/voli9x1.php'">
^^^^^^
document moved <a href="htxp://www.itmakemehappy.com/666/voli9x1.php">here</a>
^^^^^^ Then also ook here:
http://www.malwaredomainlist.com/mdl.php?search=%2F666%2Findex.php&colsearch=All&quantity=50polonus
