Help with JavaScript Malware!
Today I received a phishing email which had an HTML attachment, and of course it asked me to click the attached file.
By opening the attached file as text I noticed it's packed with scrambled / encoded JavaScript, which unfortunately I don't speak fluently.
I have uploaded the file to my web server and scanned it with the QualysGuard Malware Detection service, which runs the discovered malware in a sandbox OS to detect the effects on an ordinary PC, but unfortunately I didn't get any results.
By unscrambling some URLs I found remote calls to http://onnoe.ru:8080/index.php?pid=10, which gave me a hint that this malware might be used as a trojan / botnet harvester.
So, I would appreciate it if anybody could take a look at the malware JavaScript and share the results with me. I'm extremely curious about what it does.
Anyways, here is the culprit JS code saved as txt.
Thank you!
This entry was posted on Thursday, June 10th, 2010.
June 10th, 2010 06:55
[...] Help with JavaScript Malware ! | Dragos Lungu Dot Com [...]