Author Topic: Where the avast shield beats normal avast detection..  (Read 6053 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: Where the avast shield beats normal avast detection..
« Reply #15 on: May 21, 2011, 10:57:49 PM »
@Asyn,

I will try to crop the image contents better so the size fits the allowed size of the attachment, bit of a prob for me sometimes.

@lareinatortura

Sandboxing and using a VM is always a risky thing where malware/suspicious content is concerned: malcode can get out, malcode can spill over and infect.
Always scan your "users" file fully with avast whenever using a sandboxed proggie/proxy like sandboxie/malzilla etc. (so only for the security aware users, with ample script protection (script blockers), and even then with the utmost of care)....

This is why so-called "cold" reconnaissance (non-direct scanning through online scanners, looking up VT MD5 hashes and malware write-ups and online analyses) is by far a more secure way of getting to this information.

A VM should be on a standalone computer in special lab settings and not connecting to the Internet. Script protection helps a lot when looking up sites with jsunpack (only for the security aware and with loads of precautions taken - never give direct links there, only hxtp:etc.); these scans are for security aware users, and sometimes the avast shields will disconnect after you gave in the scan link. A VM might even give unaware users a false sense of security, so you should have control over script that runs, or make sure it cannot run at all through a script blocker (NotScripts/NoScript), and over requests that are being made (RequestPolicy blocking), and still I would prefer to get the info from third-party scanning like SOSWebScan, URLVoid, MonkeyWrench.de url scan, Wepawet, Anubis, the combined search-up via google, vicheck.ca md5hash query, malware domain query, iFrame scan, rather than opening up a suspicious url via malzilla.

And even then all this scanning is not for the unaware or the faint-hearted. Take care: the best method is to just give in a suspicious link, never click, and watch in the google result page what, for instance, BitDefender Traffic Lights, webrep or analysis sites come up with; shun the reds, or give in the url here:
http://online.us.drweb.com/?url=1 or http://www.webutation.net/go/review/
Well, understand that you have to combine all sorts of resources to get a full and complete picture of the security of the link at hand. What Norton Safe Web does not flag, unmasked parasites may alert to (all on URLVoid), what sucuri cannot find, Dasient might have a write-up on, what you do not find at Anubis, you may find at VT, etc. etc. And then the threat landscape is soon to change completely: malware domains are taken down even by the malcreants themselves, malicious IPs are transmigrated, links are no longer up and obfuscation has renewed old malware ("like with new wine but still in the old sacks", so to say), new versions of the same malware may be created randomly etc. etc. Malcreants are known to use every trick in the book and even those not earlier thought of..

Code is best presented as a gif image, and everybody that has read the above txt now knows why; even script presented in another way, without payload and partly given or munged, can trigger an alert. Well, so much so far: do some hunting and find some nice resources, all to help better avast detection. Also you understand now that every questionable (probably suspicious or malicious) link should be presented in a way that the unaware cannot click on it and get infected, so - hxtp or -http or wXw etc.

polonus
« Last Edit: May 21, 2011, 11:21:48 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
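
The link-munging convention described in the post above (hxtp, wXw), as an added example that is not part of the original thread: a Python sketch that rewrites live links in a draft post and reports any that would still be clickable. The regex, the function names and the sample text are assumptions constructed for illustration.

```python
import re

# A link counts as "live" (likely to be auto-linked or copy-pasted as-is) if it
# starts with an http/https scheme or a bare "www." host. The lookbehind only
# excludes letters and digits, so a "-http://" prefix is still treated as live
# and gets rewritten to "-hxtp://".
LIVE_URL = re.compile(r"(?<![A-Za-z0-9])(?:https?://|www\.)[^\s<>\"']+",
                      re.IGNORECASE)


def defang(text: str) -> str:
    """Rewrite every live link in text to the non-clickable forum form."""
    def rewrite(match: re.Match) -> str:
        url = match.group(0)
        # Scheme: http -> hxtp (https becomes hxtps).
        url = re.sub(r"^http", "hxtp", url, count=1, flags=re.IGNORECASE)
        # Host prefix: www. -> wXw. (only where it starts a host label).
        url = re.sub(r"(?<![A-Za-z0-9-])www\.", "wXw.", url,
                     flags=re.IGNORECASE)
        return url
    return LIVE_URL.sub(rewrite, text)


def live_links(text: str) -> list:
    """Return every link in text that is still in clickable form."""
    return [m.group(0) for m in LIVE_URL.finditer(text)]


# Constructed sample draft; the .example hosts are placeholders, not real IoCs.
SAMPLE = ("Seen at http://www.malicious.example/a.js?x=1 and also "
          "www.bad.example/load.php, already munged: hxtp://old.example/")

if __name__ == "__main__":
    print("live before:", live_links(SAMPLE))
    safe = defang(SAMPLE)
    print(safe)
    print("live after: ", live_links(safe))
```

Running `live_links` on a draft before posting acts as the final check: an empty list means no link in the text is left in clickable form.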

lareinatortura

  • Guest
Re: Where the avast shield beats normal avast detection..
« Reply #16 on: May 22, 2011, 04:07:05 AM »
Hi polonus,

Wow!  That is a lot to take in all at once!  I have saved the information you have given me in your previous post, with the intention of reading over it again.  I want to become a more knowledgeable and responsible user.  I think that every bit of information you have given me so far will eventually help me get to where I want to be.

Thank you!  : )

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Where the avast shield beats normal avast detection..
« Reply #17 on: May 22, 2011, 08:33:33 AM »
@Asyn,

I will try to crop the image contents better so the size fits the allowed size of the attachment, bit of a prob for me sometimes.

Thanks, pol..!
I appreciate it. :)
Have a nice Sunday,
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0