Nice, bad code is actually on all of the error (404) pages for the site as
well as some other php pages.
The code is actually a base64 obfuscation technique to hide the actual
attack code.
Once decode the code attempts multiple attacks to try and get the victim to
download an executable
hxxp://
Paul,
I noticed that in the PDF file but as the domain doesn't seem to have
resolution I didn't mention it.
Jake
WHOIS information on the domain
Whois Record
domain: TEST1.RU
type: CORPORATE
nserver:ns1.centerhost.ru.
nserver:ns1.cetis.ru.
state: REGISTERED, DELEGATED
org
On Mon, Apr 20, 2009 at 10:42 AM, Jake Mailinglists
wrote:
> Paul,
> I noticed that in the PDF file but as the domain doesn't seem to have
> resolution I didn't mention it.
>
> Jake
>
> WHOIS information on the domain
>
> Whois Record
>
> domain:
3 matches
Mail list logo
