Author Topic:  (Read 5275 times)

0 Members and 1 Guest are viewing this topic.

January 09, 2008, 03:50:30 am
Read 5275 times


  • Special Members
  • Jr. Member

  • Offline
  • *

  • 34
Came across this site
in a traffic exchange rotator. I have Exploit Prevention Lab Pro on my computer and got a WebAttacker exploit alert. Going to so I could see what was on the web page I see a Iframe, for this:

Code: [Select]
Decoded output for:

HTTP/1.1 200 OK
Date: Wed, 09 Jan 2008 02:35:19 GMT
Server: Apache
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="" xml:lang="en" >

<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title> - this is the world calling</title>
<link rel="stylesheet" href="/css/screen.css" type="text/css" media="screen"/>
<!--[if IE 6]>
<link rel="stylesheet" href="/css/ie6.css" type="text/css" media="screen" />

<script language="javascript1.2">
var ii= 1;
function nextfile(){
//alert("okay we arestillgood");

ii=(ii 1) % 3;
nextfiler='scroller'   ii   ".htm";
if(document.all) document.all.datamain.src =nextfiler;
else document.getElementById('datamain').src=nextfiler;
<body  style="background: #FFFEF3;" >
<iframe src="" style="display:none"></iframe>
<div id="header" ></div>

I put the sclgntfy*com in my host files and went to geogamess*com, all I see is a white page. The sclgntfy*com does have a bunch of code on it.

January 09, 2008, 07:29:45 pm
Reply #1


  • Guest
....googling for 'ent2298' also results in a couple of results...
Not in front of VMware at the moment though,
thereby I haven't attempted checking might irrelevant...

January 09, 2008, 10:57:23 pm
Reply #2


  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Thanks, this will be added soon.