VirusTotal coverage: 17/33 (Caveat emptor)
Let me draw your attention to VirusTotal’s Hash Search function:
The MD5 of the malware I uploaded is: 213391f50aac3580fa8b7b5e8a671afe
OK, I fell for it (I’m a sucker!). I visited the site (using fully patched XP Pro which I reformat and reinstall frequently). I got the ActiveX warning (which I didn’t run), then I looked at the source code, which was as you displayed.
I’ve a number of questions:
I’m somewhat reluctant to allow the ActiveX … what’s the next stage for me? Should I allow the ActiveX and, if so, what will the outcome be? Is it possible to download the ActiveX for future analysis but without allowing it to run?
I’ve looked at the source code, but what actually invokes the ActiveX? How is the image generated? I realise that it’s not a real video.
I see that if I hover over the image, it wants to run fireworks.exe (I didn’t allow that, nor did I save the file to my PC).
I’m suspicious about the line:
“”
but, as my HTML coding skills can be written on the back of a postage stamp, that doesn’t surprise me!
Sorry to ask so many questions. I guess I could have e-mailed you directly (and I’m quite happy to continue this in that way), but I just wondered if you, or other contributors, might be able and willing to “fill me in”?
Comment by Dave — Sunday 6 July 2008 @ 10:42
The line which didn’t display correctly in my first comment was that which starts with iframe src=
I just noticed the fw.gif, so assume that’s the image of the fireworks and false video controls.
Comment by Dave — Sunday 6 July 2008 @ 10:45