Robash Posted January 10, 2009 Share Posted January 10, 2009 not that any of you are dumb enough to actually click the link... http://groups.google.com/group/alt.comp.vi...14dc75b942e64bc alt.comp.virus "Gabriele Neukam" wrote: > Don't follow anything that leads to > hxxp://algalibon.net/new/blocks/Barack-Obama-Incident.html Well, naturally I did. It redirects to ibn3.com/daleel/img/index.php which then redirects to the actual content page at the same host. It appears to be a blog type thingy provided by searchwarp.com. > It can't be anything else but a page with trojan waiting to jumpon > your machine. Absolutely. The page contains an invisible iframe (possibly not put there by the author) to trustsellers.co.cr/stat-xr.php. It redirects to sutgon.info/in.cgi?4 which then redirects back to trustsellers.co.cr/stat/index.php. That contains a heap of obfuscated Javascript and shellcode to exploit vulnerabilities in ActiveX components and Acrobat reader. WebViewFolderIcon createControlRange SetFormatLikeSample DirectAnimation.PathControl PrintSnapshot XML PDF If one of those works it will download and install a BHO with class ID {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} named mscorews.dll. Except it doesn't. The installer is broken and, while it sets the appropriate registry entries, fails to create the dll in [win]\system32. A few AV products detect it as a bank password stealer. Quote Link to comment Share on other sites More sharing options...
Skippy Posted January 10, 2009 Share Posted January 10, 2009 Did you see that we were invaded in the main forum with the Barack was shooted? Quote Link to comment Share on other sites More sharing options...
Zooty Posted January 10, 2009 Share Posted January 10, 2009 So he wasn't shooted? Quote Link to comment Share on other sites More sharing options...
Robash Posted January 10, 2009 Author Share Posted January 10, 2009 Did you see that we were invaded in the main forum with the Barack was shooted? yar, and IDP...but figured this was more appropiate place for it. Quote Link to comment Share on other sites More sharing options...
Kid Cid Posted January 10, 2009 Share Posted January 10, 2009 At least Twilley purged it out of the food forum quickly. Thankk goodness one mod is doing his job. Quote Link to comment Share on other sites More sharing options...
rocknrobn26 Posted January 10, 2009 Share Posted January 10, 2009 There is one ion the support forum. Quote Link to comment Share on other sites More sharing options...
Big John Posted January 10, 2009 Share Posted January 10, 2009 The spammer flooded the mass of forums I deleted a bunch of them already and just took out the link in the main forum. Quote Link to comment Share on other sites More sharing options...
SheikYerbuti Posted January 10, 2009 Share Posted January 10, 2009 Everyone must to know !! Quote Link to comment Share on other sites More sharing options...
tazinib1 Posted January 10, 2009 Share Posted January 10, 2009 OK I havn't been a proponent of this being a paid members forum but I am now. Just so you know'd it, I didn't shooted the Sheriff. Quote Link to comment Share on other sites More sharing options...
Savage Beatings Posted January 10, 2009 Share Posted January 10, 2009 I heard that it was the most shooteded that any man has ever been. Quote Link to comment Share on other sites More sharing options...
Menudo Posted January 11, 2009 Share Posted January 11, 2009 OK I havn't been a proponent of this being a paid members forum but I am now. Just so you know'd it, I didn't shooted the Sheriff. ....but, did you shooted the deputy ? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.