Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Interesting page source from site attempting to load Antivirus 2009


  • Please log in to reply
No replies to this topic

#1 tsmith35

tsmith35

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:23 AM

Posted 24 November 2008 - 12:48 AM

I was browsing around tonight and suddenly had my browser window disappear,
only to be replaced by an Antivirus 2009 warning box. Caught me by surprise,
but I didn't click anything. Instead, I killed the iexplore.exe process. Went back
to find what could have caused it (guessing the last link clicked), and ended up
finding the source. The site is lowes-asset.newsee.orge.pl/animated-knots.html.
The page is cloaked, so viewing Google's cache shows the expected page. Anyway,
I figured out how to download the page source and found it very interesting, so I
thought I would share:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2"><title>Antispyware Scanner</title>	&lt;script>var mw_texts = new Array();</script>	&lt;script>var install_link = 'http://files.downloadproas2009.com/load/setup_377_3777_.exe';</script>		&lt;script language="javascript" src="/ns/2009/x777/brand_constants.js"></script>	&lt;script language="javascript" src="/ns/landing_3777/mw_script/mouse_texts.js"></script>	<link href="/ns/landing_3777/mw_img/pre_load.css" rel="stylesheet" type="text/css"> &lt;script language=javascript>if(self.parent.frames.length!=0){self.parent.location=document.location}</script>&lt;script language=javascript>window.moveTo(0, 0); window.resizeTo(screen.availWidth, screen.availHeight);</script> 	<link href="/ns/landing_3777/mw_win_img/window.css" rel="stylesheet" type="text/css">	<link href="/ns/landing_3777/mw_img/this_landing.css" rel="stylesheet" type="text/css">		<link href="/ns/landing_3777/mw_img/translate.css" rel="stylesheet" type="text/css">			</head>	<body><div id="preloader"></div>	&lt;script language="javascript" src="/ns/landing_3777/mw_script/mouse_block.js"></script>		<div class="mw_final_win" id="mw_results_window">		<a class="mw_final_res" href="java script:install_begun();"></a>	</div>	<div class="mw_window" id="mw_main_win">			<div class="mw_win_body">				<!--plaz-->					<div class="mw_window_plaz">											<div class="mw_search_left_panel">							<a href="java script:install_begun();" class="mw_security_panel"></a>						</div><!-- dfsdfsdfsdfsdfsdfsdf dsf sdf sdf sdf sdfd -->											<div class="mw_window_body">							<div id="mw_disk_c" class="mw_wi_disk mw_hd_disk"><span class="mw_name"><span class="local_c"></span></span><span id="mw_err_1" class="mw_error"><span class="hardw_error"></span></span></div>							<div id="mw_disk_d" class="mw_wi_disk mw_hd_disk"><span class="mw_name"><span class="local_d"></span></span><span id="mw_err_2" class="mw_error"><span class="hardw_error"></span></span></div>										<div id="mw_disk_dvd" class="mw_wi_disk mw_dvd_disk"><span class="mw_name"><span class="local_dvd"></span></span></div>							<div id="mw_disk_fldr" class="mw_wi_disk mw_folder_disk"><span class="mw_name"><span class="shared"></span></span><span id="mw_err_3" class="mw_error"><span class="sec_thr"></span></span></div>							<div class="mw_disclaimer"><span class="secr_thr_fndd"></span></div>							<div class="mw_progress_bar">								<span class="mw_status" id="mw_status"></span>								<div class="pb_decor"><div class="decor_lp"></div><div class="decor_rp"></div><div id="mw_progress_bar"></div></div>								<A id="mw_cncl_but" class="mw_cancel" href="java script:install_begun();"></A>							</div><!-- dfsdfsdfsdfsdfsdfsdf dsf sdf sdf sdf sdfd -->							<div class="mw_display_filename">								<span class="mw_status"><span class="object"></span></span>								<span class="mw_filename" id="mw_file_name"></span>							</div>                            <!-- an -->    <div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><div></div><!-- an -->                             														<div class="mw_test_results" id="mw_inwin_results"><div class="mw_test_rez_decor"><div class="mw_res_rtc"></div>							<div class="mw_header_f_res"><span class="hrdw_n_sec"></span></div>								<a class="mw_remove_button" href="http://files.downloadproas2009.com/load/setup_377_3777_.exe"></a>								<div class="mw_res_pads">									<span class="mw_res_hdr"><span class="hrdw_errors"></span></span>									<div class="mw_res_text"><span class="perfomance_usw"></span></div>				<!-- dfsdfsdfsdfsdfsdfsdf dsf sdf sdf sdf sdfd -->									<span class="mw_res_hdr"><span class="privacey_errors"></span></span>									<div class="mw_res_text">										<span class="spyw_ws_stol"></span>																					Country: <b>(my country)</b><br>																					City: <b>(my city)</b><br>																					IP Address: <b>(my IP)</b><br>																					ISP: <b>(my ISP)</b><br>																					</div>								</div><!-- dfsdfsdfsdfsdfsdfsdf dsf sdf sdf sdf sdfd -->							</div></div>													</div>					</div>				<!--//plaz-->							</div>	</div>   </body>	&lt;script language="javascript" src="/ns/landing_3777/mw_script/unic_scripts.js"></script>	&lt;script language="javascript" src="/ns/landing_3777/mw_script/text_constants.js"></script>		&lt;script language="javascript" src="/ns/landing_3777/mw_script/file_names.js"></script>	&lt;script language="javascript" src="/ns/landing_3777/mw_script/domFunction.js"></script>		&lt;script language="javascript" src="/ns/landing_3777/mw_script/startafter.js"></script>	</html>
Perhaps this will help others avoid the same issue. I have blocked the source site as well as downloadproas2009.com, so that will help short-term.

Tom

Edited by tsmith35, 24 November 2008 - 12:49 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users