Look at the following malcode analysis:
exploit
Here are the details I encountered:
1. Virus identified: JS-CVE-2009-1136-A[Expl] (which is an Exploit)
2. Web address: wXw.uyghurcongress.org/En/home.asp
3. Malicious file identified by Avast!: m2m.net84.net/cn/document.js
The mentioned site with this document.js is the site where the malcode resides:
[EDITED by me for security reasons and against scanner detection]^^script src="htxtp://m2m.net84.net/cn/document.js"^^/script
Title:
HTTP Error 403 Forbidden
URL: hXtp://m2m.net84.net/cn
Redirects: 301 -> hXtp://m2m.net84.net/cn/
where I find the following:
[again EDITED by me]
^a href="anehta-v0.6.0fixed/" anehta-v0.6.0fixed/^/a></li
Anehta is a PHP/JavaScript-based platform to make cross-site scripting and other web attacks easier.
Author: axis
Homepage: hXtp://code.google.com/p/anehta/
File Size: 5596731
Last Modified: Nov 25 17:46:32 2008
MD5 Checksum: 5316c6cb785caef595c58e80a97f4ce8
More info on this new XSS platform: http://archives.neohapsis.com/archives/ ... /0565.html
The other redirect is to:
302 -> hXtp://error.000webhost.com/forbidden.html
Is NoScript protecting us against anehta driven exploits?
luntrus