Web browser exploits are just one more reason to update often. Security!
The summary doesn't really describe what we will be showing here, but it does feel at times that we see more advertisement exploits than normal around the holidays.
The scripts we will be reviewing here are the random fake virus warning popups. These are easy to track if you can get to your cache before the page expires.
JavaScript cut by 22,000 to 38,000 characters.
The exploit was delivered from 188 . 124 . 5 . 154
Do not visit that address, please. If you do, you risk your computer.
The IP is in Turkey and is a virtual server.
var d_e4da416a = '2_2ee665.php'+'?af'+'fid=';
var x5b61 = "60.(#(115.(#(99.(#(114.(#(105.(#(112.(#(116.(#(32.(#(116.(#(121.(#(112.(#(1
The top part looks like a typical download status layout, along the lines of those pop-under advertisements.
The value assigned to var x5b61 changes on every page load I did.
The string 60.( continues for hundreds of lines.
The var d_e4da416a, which is random, points to the page that serves the download (the payload).
In my case the downloaded file was: 4_490bd6.php
And my var was different from the one I'm posting here. (This was round 4 of testing IE Exploit.)
Then it was your classic executable file.
But the questions I couldn't get answered and haven't answered are:
1. Is this file installed due to the IE exploit?
2. Is the exploit actually allowing the executable file to run, or would it require user input?
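The x5b61 value quoted above is a list of decimal character codes joined by the filler .(#( and its visible prefix decodes to the start of a script tag. The Python below is an added example, not code from the original post: it decodes such a string from a saved cache copy without running it. The function names and the var name = "..." matching are assumptions made for this example.

```python
import re
from collections import Counter

# The two script lines quoted on this page. The second is cut off by the
# page itself, so its last token ("1") is an incomplete number.
SAMPLE_PAGE = """var d_e4da416a = '2_2ee665.php'+'?af'+'fid=';
var x5b61 = "60.(#(115.(#(99.(#(114.(#(105.(#(112.(#(116.(#(32.(#(116.(#(121.(#(112.(#(1
"""

def infer_delimiter(blob):
    """Most common run of non-digits found between two numbers."""
    seps = re.findall(r"(?<=\d)\D+(?=\d)", blob)
    if not seps:
        raise ValueError("no separator between numeric tokens")
    return Counter(seps).most_common(1)[0][0]

def decode_charcodes(blob, truncated=False):
    """Turn a separator-delimited list of decimal character codes into text.
    Nothing is evaluated. truncated=True drops the last token, which may be
    a number that was cut short."""
    tokens = blob.split(infer_delimiter(blob))
    if truncated:
        tokens = tokens[:-1]
    chars = []
    for pos, tok in enumerate(tokens):
        if not tok.isdecimal() or int(tok) > 0x10FFFF:
            raise ValueError(f"token {pos} is not a character code: {tok!r}")
        chars.append(chr(int(tok)))
    return "".join(chars)

def scan_page(source, min_tokens=8):
    """Return {variable name: decoded text} for every `var x = "..."` whose
    value looks like a character-code list. A value with no closing quote
    is treated as truncated."""
    pattern = r"""var\s+(\w+)\s*=\s*(["'])([^"'\n]*)(\2)?"""
    decoded = {}
    for name, _quote, value, closing in re.findall(pattern, source):
        if len(re.findall(r"\d+", value)) < min_tokens:
            continue  # e.g. d_e4da416a: a file name, not a code list
        try:
            decoded[name] = decode_charcodes(value, truncated=not closing)
        except ValueError:
            continue  # mixed content; leave it for manual review
    return decoded

if __name__ == "__main__":
    for name, text in scan_page(SAMPLE_PAGE).items():
        print(f"{name}: {text!r}")
```

Run against the full cached script, the same call shows the markup the page would have written, which is where the exploit attempt or the redirect to the download page would be visible.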
Articles I have read say it's always the user to blame for the new virus they just acquired.
Today we see more viruses being installed by browser exploits than email attachments or fake download pages.
Before you accuse a family member of downloading files that infected your computer, look at your web browser first. If you don't have the newest version, updated with some type of linkscanner, the odds are that any advertisement banner from any website that had malicious code in the advertisement could have installed the virus. So don't yell at the one on the computer. Ask them what popups or redirects happened while they were surfing.