Max Kaplan CapCap

CapCap / malware.html.js
Created Feb 28, 2012 — forked from scottschiller/malware.html
Browser malware found in the wild, 02/28/2012, deobf version
/* Hello from upgradeyour.com (coming soon),
I've done some security work in the past and figured this would be a fun and quick puzzle. I found the same hash as Scott on http://50.116.17.63/stats/counter.php?id=547b373f97233059 and googling it led to his post :)
It tries to identify browser/OS version, and possibly run a wmp exp
It also tries to visit http://50.116.17.63/stats/w.php?f=b6863&e=4 and http://50.116.17.63/stats/w.php?f=b6863&e=1 and download+exec, two different exes
It tries a pdf exploit ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188 and also http://50.116.17.63/stats/content/ap2.php?f=b6863 and http://50.116.17.63/content/ap1.php?f=b6863 ), and hcp exploit as well ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885 ), and some pdf exploit
This is all part of the blackhole exploit kit, and this botnet is seemingly Huge!