• SC Magazine US awards perfect score to Netgear ProSecure. Good content filtering for less than 3k USD . Cool ( http://bit.ly/aDzC5M ) #
• RT @agent0x0 RT @securitymonks: RIPS – A static source code analyser for vulnerabilities in PHP scripts http://goo.gl/H65C #

Powered by Twitter Tools

I just received today a phishing email which had an HTML attachment and of course it asked me to click the attached file.

By opening the attached file as text I noticed it's packed with scrambled / encoded JavaScript which unfortunately I don't speak fluently.

I have uploaded the file on my webserver and I scanned with QualysGuard Malware Detection service which runs the discovered malware in a sandbox OS to detect the effects on an ordinary PC but unfortunately I didn't get any results.

By unscrambling some URLs I found remote calls to http://onnoe.ru:8080/index.php?pid=10 which gave me a hint that this malware might be used as trojan / botnet harvester.

So, I would appreciate if anybody could take a look at the malware JavaScript and share the results with me .. I'm extremely curious on what it does.

Anyways, here is the culprit JS code saved as txt.

Thank you!

• dotDefender busted by Sandro Gauci of EnableSecurity ( http://bit.ly/cLN9Uy ) #
• RT @Hfuhs: WordPress user: Be careful where you get your theme from – http://fuhs.eu/16h #
• RT @Imperva: History of Hacking in One Cool Graphic http://bit.ly/bQYUim #
• attending Provision Security Days at seaside in Olimp, Romania .. cold, windy. Hopefully that will keep the guests focused on the conference #
• Just released Pro CERT : ProVision Computer Emergency Response Center http://slidesha.re/cMYcDC #

Powered by Twitter Tools

• "Patch management for non-Microsoft software products with new release of GFI LANguard" ( http://bit.ly/9CcODJ ) #
• "BBC News – First human 'infected with computer virus'" ( http://bit.ly/96Lhg4 ) .. amazing ! #

Powered by Twitter Tools