BleepingComputer.com: Interesting page source from site attempting to load Antivirus 2009

Interesting page source from site attempting to load Antivirus 2009

#1 tsmith35

  Posted 24 November 2008 - 12:48 AM

I was browsing around tonight and suddenly had my browser window disappear,
only to be replaced by an Antivirus 2009 warning box. Caught me by surprise,
but I didn't click anything. Instead, I killed the iexplore.exe process. Went back
to find what could have caused it (guessing the last link clicked), and ended up
finding the source. The site is lowes-asset.newsee.orge.pl/animated-knots.html.
The page is cloaked, so viewing Google's cache shows the expected page. Anyway,
I figured out how to download the page source and found it very interesting, so I
thought I would share:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2"><title>Antispyware Scanner</title>
	<script>var mw_texts = new Array();</script>
	<script>var install_link = 'http://files.downloadproas2009.com/load/setup_377_3777_.exe';</script>
	<script language="javascript" src="/ns/2009/x777/brand_constants.js"></script>
	<script language="javascript" src="/ns/landing_3777/mw_script/mouse_texts.js"></script>
	<link href="/ns/landing_3777/mw_img/pre_load.css" rel="stylesheet" type="text/css">
 <script language=javascript>if(self.parent.frames.length!=0){self.parent.location=document.location}</script><script language=javascript>window.moveTo(0, 0); window.resizeTo(screen.availWidth, screen.availHeight);</script> 	<link href="/ns/landing_3777/mw_win_img/window.css" rel="stylesheet" type="text/css">
	<link href="/ns/landing_3777/mw_img/this_landing.css" rel="stylesheet" type="text/css">	
	<link href="/ns/landing_3777/mw_img/translate.css" rel="stylesheet" type="text/css">		
	</head>
	<body>

<div id="preloader"></div>
	&lt;script language="javascript" src="/ns/landing_3777/mw_script/mouse_block.js"></script>	
	<div class="mw_final_win" id="mw_results_window">
		<a class="mw_final_res" href="javascript:install_begun();"></a>
	</div>

	<div class="mw_window" id="mw_main_win">
			<div class="mw_win_body">
				<!--plaz-->
					<div class="mw_window_plaz">
					
						<div class="mw_search_left_panel">
							<a href="javascript:install_begun();" class="mw_security_panel"></a>
						</div><!-- dfsdfsdfsdfsdfsdfsdf dsf sdf sdf sdf sdfd -->
					
						<div class="mw_window_body">
							<div id="mw_disk_c" class="mw_wi_disk mw_hd_disk"><span class="mw_name"><span class="local_c"></span></span><span id="mw_err_1" class="mw_error"><span class="hardw_error"></span></span></div>
							<div id="mw_disk_d" class="mw_wi_disk mw_hd_disk"><span class="mw_name"><span class="local_d"></span></span><span id="mw_err_2" class="mw_error"><span class="hardw_error"></span></span></div>			
							<div id="mw_disk_dvd" class="mw_wi_disk mw_dvd_disk"><span class="mw_name"><span class="local_dvd"></span></span></div>
							<div id="mw_disk_fldr" class="mw_wi_disk mw_folder_disk"><span class="mw_name"><span class="shared"></span></span><span id="mw_err_3" class="mw_error"><span class="sec_thr"></span></span></div>
							<div class="mw_disclaimer"><span class="secr_thr_fndd"></span></div>
							<div class="mw_progress_bar">
								<span class="mw_status" id="mw_status"></span>
								<div class="pb_decor"><div class="decor_lp"></div><div class="decor_rp"></div><div id="mw_progress_bar"></div></div>
								<A id="mw_cncl_but" class="mw_cancel" href="javascript:install_begun();"></A>
							</div><!-- dfsdfsdfsdfsdfsdfsdf dsf sdf sdf sdf sdfd -->
							<div class="mw_display_filename">
								<span class="mw_status"><span class="object"></span></span>
								<span class="mw_filename" id="mw_file_name"></span>
							</div>
                            
<!-- an -->    
<div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div>
<div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div>
<div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div>
<div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div>
<div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div>
<div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div>
<div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div>
<div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div>
<!-- an -->                             
							
							<div class="mw_test_results" id="mw_inwin_results"><div class="mw_test_rez_decor"><div class="mw_res_rtc"></div>
							<div class="mw_header_f_res"><span class="hrdw_n_sec"></span></div>
								<a class="mw_remove_button" href="http://files.downloadproas2009.com/load/setup_377_3777_.exe"></a>
								<div class="mw_res_pads">
									<span class="mw_res_hdr"><span class="hrdw_errors"></span></span>
									<div class="mw_res_text"><span class="perfomance_usw"></span></div>
				<!-- dfsdfsdfsdfsdfsdfsdf dsf sdf sdf sdf sdfd -->
									<span class="mw_res_hdr"><span class="privacey_errors"></span></span>
									<div class="mw_res_text">
										<span class="spyw_ws_stol"></span>
																					Country: <b>(my country)</b><br>
																					City: <b>(my city)</b><br>
																					IP Address: <b>(my IP)</b><br>
																					ISP: <b>(my ISP)</b><br>
												
									</div>
								</div><!-- dfsdfsdfsdfsdfsdfsdf dsf sdf sdf sdf sdfd -->
							</div></div>
							
						</div>
					</div>
				<!--//plaz-->				
			</div>

	</div>
   
</body>
	&lt;script language="javascript" src="/ns/landing_3777/mw_script/unic_scripts.js"></script>
	&lt;script language="javascript" src="/ns/landing_3777/mw_script/text_constants.js"></script>	
	&lt;script language="javascript" src="/ns/landing_3777/mw_script/file_names.js"></script>
	&lt;script language="javascript" src="/ns/landing_3777/mw_script/domFunction.js"></script>	
	&lt;script language="javascript" src="/ns/landing_3777/mw_script/startafter.js"></script>	
</html>

Perhaps this will help others avoid the same issue. I have blocked the source site as well as downloadproas2009.com, so that will help short-term.

Tom

This post has been edited by tsmith35: 24 November 2008 - 12:49 AM
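
Added example, not part of the original post: a static triage pass over a saved copy of a page like the one above, flagging the traits visible in the posted source (an .exe download URL, window move/resize and frame-busting in inline script, every link calling the same handler, and long runs of empty divs). The class and function names, the padding threshold and the example.invalid host in the sample are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
EXE_URL = re.compile(r"""https?://[^\s'"<>]+\.exe\b""", re.I)
SCRIPT_FLAGS = {"window-takeover": re.compile(r"window\.(moveTo|resizeTo)\s*\("),
                "frame-bust": re.compile(r"parent\.location\s*=")}

class LandingTriage(HTMLParser):
    """Collects static indicators from one HTML document (no script execution)."""
    def __init__(self):
        super().__init__()
        self.exe_urls, self.js_hrefs, self.flags, self.empty_divs = set(), [], set(), 0
        self._in_script = self._bare_div_open = False
    def handle_starttag(self, tag, attrs):
        self._bare_div_open = tag == "div" and not attrs
        self._in_script = tag == "script"
        href = (dict(attrs).get("href") or "").strip()
        if EXE_URL.fullmatch(href):
            self.exe_urls.add(href)
        # Collapse whitespace so a forum-mangled "java script:" still matches.
        if re.sub(r"\s+", "", href).lower().startswith("javascript:"):
            self.js_hrefs.append(href)
    def handle_endtag(self, tag):
        if tag == "div" and self._bare_div_open:
            self.empty_divs += 1              # attribute-less <div></div>
        self._bare_div_open = self._in_script = False
    def handle_data(self, data):
        if data.strip():
            self._bare_div_open = False
        if self._in_script:                   # inline script text only
            self.exe_urls.update(EXE_URL.findall(data))
            self.flags.update(n for n, rx in SCRIPT_FLAGS.items() if rx.search(data))

def triage(html, min_padding=20):             # threshold is an assumption
    p = LandingTriage()
    p.feed(html)
    p.close()
    reasons = sorted(p.flags)
    reasons += ["exe-download"] if p.exe_urls else []
    # Every clickable element, "cancel" included, calling one handler.
    if len(p.js_hrefs) >= 2 and len(set(p.js_hrefs)) == 1:
        reasons.append("single-click-handler")
    if p.empty_divs >= min_padding:
        reasons.append("empty-div-padding")
    return {"exe_urls": sorted(p.exe_urls), "reasons": reasons}

# Constructed sample: cut-down markup in the posted page's shape, placeholder host.
SAMPLE = ("<script>var install_link = 'http://files.example.invalid/load/setup.exe';</script>"
          "<script>window.moveTo(0, 0); window.resizeTo(screen.availWidth, screen.availHeight);</script>"
          '<a class="mw_final_res" href="java script:install_begun();"></a>'
          '<a class="mw_cancel" href="java script:install_begun();"></a>' + "<div></div>" * 40)
```

Only inline script text is inspected, so behaviour loaded from the external .js files referenced in the page is not covered by these checks.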

