Gizmo's Freeware Forum - View Single Post

computerfreaker · 19. Jan 2010, 03:58 PM

EDIT: ok, let's try this again. Apparently my last post went into the moderation queue, so I'll post a quick summary here.
The mapelli site is definitely infected. Firefox warns it's an attack site; a look at its source code reveals some nicely-obfuscated JavaScript. I deobfuscated the JS; it's coming from a Chinese site. Microsoft Forefront Client Security, my antivirus program, caught a drive-by download. I was running in a sandbox, though, so it can't hurt me.
That's probably a good enough summary for now; there was more detail in my original post, but I'm sure that original post will show up here shortly.

Anyway, I just got a look at the infected file - it's a malicious PDF. There's been a lot of those going around lately...

I'll drop this off at the SANS Internet Storm Center; in the meantime, for anyone who stumbled into this site, better run your virus scanner.

19. Jan 2010, 03:58 PM	#5 (permalink)
computerfreaker Junior Member Join Date: Jun 2009 Posts: 15	EDIT: ok, let's try this again. Apparently my last post went into the moderation queue, so I'll post a quick summary here. The mapelli site is definitely infected. Firefox warns it's an attack site; a look at its source code reveals some nicely-obfuscated JavaScript. I deobfuscated the JS; it's coming from a Chinese site. Microsoft Forefront Client Security, my antivirus program, caught a drive-by download. I was running in a sandbox, though, so it can't hurt me. That's probably a good enough summary for now; there was more detail in my original post, but I'm sure that original post will show up here shortly. Anyway, I just got a look at the infected file - it's a malicious PDF. There's been a lot of those going around lately... I'll drop this off at the SANS Internet Storm Center; in the meantime, for anyone who stumbled into this site, better run your virus scanner. Last edited by computerfreaker; 19. Jan 2010 at 04:01 PM.