Author Topic: Decoding the Global Crossing rogues  (Read 2596 times)


July 02, 2009, 06:06:20 pm


Global Crossing are currently hosting a whole host of rogues such as Fast Antivirus. One thing the latest ones have in common is their use of a seemingly randomly named .js file that does the bulk of the work to ensure you get infected with it.

Most of us will either:

1. Load the site up in the browser
2. Analyze the sites source code to identify the download location so we can automate downloads of new samples

I tend to opt for the latter myself, which is why I'm posting this. When I looked at a site a couple of days ago, I got the .js file decoded, went through its code, and identified the download URL as:

Steven Burn
I.T. Mate / hpHosts /