Max Kaplan CapCap
CapCap
/ malware.html.js
Created
February 28, 2012 19:37
— forked from scottschiller/malware.html
Browser malware found in the wild, 02/28/2012, deobf version
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Hello from upgradeyour.com (coming soon), | |
| I've done some security work in the past and figured this would be a fun and quick puzzle, I found the same hash as scott on http://50.116.17.63/stats/counter.php?id=547b373f97233059 and googling it led to his post :) | |
| it tries to identify browser/os version, and possibly run a wmp exp | |
| It also tries to visit http://50.116.17.63/stats/w.php?f=b6863&e=4 and http://50.116.17.63/stats/w.php?f=b6863&e=1 and download+exec, two different exes | |
| It tries a pdf exploit ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188 and also http://50.116.17.63/stats/content/ap2.php?f=b6863 and http://50.116.17.63/content/ap1.php ? f = b6863 ), and hcp exploit as well ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885 ), and some pdf exploit | |
| This is all part of the blackhole exploit kit, and this botnet is seemingly Huge! | |