Hi,
I'm a consultant, with a client that received an email with a suspicious link. I was able to download the html file from the redirected site without running it, and took a look at it in a text editor. It's obviously specially crafted, but it's beyond my ability to decipher. Could anyone interpret the file to figure out what the payload is supposed to be?
It's a 191K file, and I'm not sure how best to attach it. If someone could let me know, I'd appreciate it.
Thanks in advance,
Charlie T.
Likely malicious html file - can someone take a look?
#2
Posted 04 June 2011 - 12:09 PM
You can upload it here. Please put it in a .zip archive first.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.
Boredom Software Stop Highlighting Things
#3
Posted 04 June 2011 - 03:37 PM
Hi, I just uploaded the file as requested.
Thanks,
Charlie T.
#4
Posted 04 June 2011 - 04:32 PM
It's a packed and obfuscated, and very common, fake malware scanner page. It emulates the appearance of Windows Explorer in Windows XP and claims to be scanning your computer while finding numerous infections (almost identical in every respect to this image.) It then prompts you to download and install and then purchase a rogue Antimalware tool.
If the page is on a server you control, then you need to immediately take action to remove these rogue pages and close whatever security hole may have allowed them in. If the page lives on an otherwise innocuous website then you should consider contacting the owner of the site and informing them that their site is hosting scam/malware pages.
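The look-without-running inspection discussed in this thread can be scripted for a first pass over a saved HTML file. The following is an added example, not code from the thread or any poster: it pulls out inline script bodies with a parser (nothing is rendered or executed) and reports hints of packing. The indicator list, the report fields and the sample page are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter
from html.parser import HTMLParser

# Calls that often appear in unpacking stubs; a hit is a hint, not proof (assumed list).
INDICATORS = ("eval(", "unescape(", "document.write(", "String.fromCharCode(", "atob(")

class ScriptExtractor(HTMLParser):
    """Collects inline <script> bodies; nothing is executed or fetched."""
    def __init__(self):
        super().__init__()
        self.scripts = []
        self.in_script = False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def entropy(text):
    """Shannon entropy in bits per character; packed blobs tend to score high."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def triage(html):
    """Return a static summary of the script content in an HTML document."""
    p = ScriptExtractor()
    p.feed(html)
    p.close()
    js = "\n".join(p.scripts)
    # Quoted literals: a very long one usually holds the encoded payload.
    literals = re.findall(r'"((?:[^"\\]|\\.)*)"|\'((?:[^\'\\]|\\.)*)\'', js)
    return {
        "script_blocks": len(p.scripts),
        "script_fraction": round(len(js) / max(len(html), 1), 2),
        "indicators": {k: js.count(k) for k in INDICATORS if k in js},
        "longest_string_literal": max((len(a or b) for a, b in literals), default=0),
        "script_entropy": round(entropy(js), 2),
    }

# Constructed sample: a harmless page whose script only decodes and writes "<b>hi</b>".
SAMPLE = ('<html><body><script>var p="%3Cb%3Ehi%3C%2Fb%3E";'
          'document.write(unescape(p));</script></body></html>')
print(triage(SAMPLE))
```

A page that is almost entirely script, with one very long literal fed to a decoder and a write or eval call, matches the "packed and obfuscated" pattern described above and is worth handing to someone who can unpack it safely.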
#5
Posted 04 June 2011 - 05:29 PM
Thanks for your help.
The curious thing is that this lady got this email with the malicious link, along with only a handful of other people she knows in the CC: list, and is pretty sure she knows who sent it. Could you tell if there is anything more specifically targeted than the rogue antivirus program? She is concerned about trojans, keyloggers, etc. I scanned her system with Combofix, MBAM, AVG's Virut remover, GMER and catchme, and everything's clean as far as I can tell.
Thanks again,
Charlie T.
#6
Posted 04 June 2011 - 05:58 PM
Nothing obvious.