tembow
Blue Angel
Premium Member
Joined: Oct 10, 2005
Posts: 2942
|
 Posted: Thu May 15, 2008 10:33 am Post subject: [SIRT#173979] Blogspot redirection with fingerprint removal |
|
|
Spam Alert
Full Report:  /Blogspot_redirection_spam173979.html
Changed status to confirmed spam.Google Blogspot redirection using obfuscated Java Scriot.
GOOGLE ACTION REQUIRED
The fingerprint to use for removal is in the format shown at http://spamtrackers.eu/wiki/index.php?title=Blogspot#Obfuscated_Java_Script_redirections
Look for all blogspot pages that follow that pattern and remove them for breach of the Terms of Service.
In this example, the code contains
var xqmwewg="dtgnkyehdurypcqntqlxt";
var xyevvux=0;
var ecsgeohnn,bupwpacuf,wcqncmtg="5807041c0209114844555215110d161b15160945562e15110f381a170114015047070a1f0a1b06420c1b145a0b01081811010b1b5c110206174e5451515854445440061f0d15524b5a13171806030c151d421b1b095b40555756160b161c020d4e";
bupwpacuf='';
var krolho;
for(ecsgeohnn=0;
ecsgeohnn<wcqncmtg.length;
ecsgeohnn+=2){krolho=unescape('%'+wcqncmtg.substr(ecsgeohnn,2));
bupwpacuf+= String.fromCharCode(krolho.charCodeAt(0)^xqmwewg.charCodeAt(xyevvux++));
if(xyevvux>=xqmwewg.length) xyevvux=0;
}document.write(bupwpacuf);
This decodes into
<script language="JavaScript">window.top.location.href = 'http://anherbal.com/';</script>
Further examples of blogspot redirections:
nunydyle74873.blogspot.com => anherbal.com
nylaryme31727.blogspot.com => anherbal.com
xigasuhy28461.blogspot.com => anherbal.com
halirone80143.blogspot.com => anherbal.com
lodufogo32065.blogspot.com => anherbal.com
pekytyti28550.blogspot.com => anherbal.com
nydulela46556.blogspot.com => anherbal.com
wymanady58702.blogspot.com => anherbal.com
samyvufi88747.blogspot.com => anherbal.com
kirafeza45130.blogspot.com => selissia.com
dyhulufa54865.blogspot.com => selissia.com
lobywera37554.blogspot.com => selissia.com
nafypoxa81164.blogspot.com => selissia.com
nuzesudo46350.blogspot.com => selissia.com
koroxiwe74551.blogspot.com => selissia.com
mahopuku28056.blogspot.com => selissia.com
gyfebiko16107.blogspot.com => selissia.com
cahoryha75815.blogspot.com => selissia.com
hicityry27227.blogspot.com => selissia.com
kytikibo32701.blogspot.com => selissia.com
cevedole10317.blogspot.com => selissia.com
myropawy27851.blogspot.com => selissia.com
becibyta24804.blogspot.com => selissia.com
nyfedofu57182.blogspot.com => selissia.com
ducymaha21306.blogspot.com => selissia.com
lytyryge66111.blogspot.com => selissia.com
kidelywy47181.blogspot.com => selissia.com
kysodupa42722.blogspot.com => selissia.com
All redirections follw the same pattern, and all sites matching the patttern can be safely removed immediately. The removal of all matching sites must be ongoing.
| Quote: | | http://ryxyfovy55386.blogspot.com |
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
