Jump to content

Recommended Posts

I'm browsing this forum i always do (gaming) and on one page my avira popped up saying there is a virus in the cache...

With my "uber elite" skills, i managed to find out that the file in the cache which avira finds infected is a picture that one guy posted.

This one

hxxp://www.homee.com/pic/thread%20sucks.jpg

I opened the jpg with notepad and found a java script in it that leads to one page that seems legit

<IFRAME SRC="hxxp://www.ciudad.com.ar/ar/popunder/p_submit.asp?site=personales.ciudad.com.ar" width=1 height=1></IFRAME><script LANGUAGE="JavaScript">//<!--for (var i=1; i<15; i++){  setTimeout('self.focus();',i*30);}//--></SCRIPT><!-- FIN - PUBLICIDAD POP-UP UNDER -->

What can you tell me about this?

I dont suppose my PC is infected now -,-

Link to post
Share on other sites

  • 3 weeks later...

Looking at the file, it appears the bad guy that created it, didn't do his homework properly, or is having problems with his server, as the URL returns a 404, and none of the files I've identified as previously being located on personales.ciudad.com.ar, are loading.

In short, previously it likely lead to something nefarious, and Avira will flag it due to the presence of scripts + iFrames in an image file, but in the sites current state, the image is harmless.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.