This is how dangerous the web has become. Lately it is estimated that over 10K websites fell victim to a large attack that included a remote JavaScript file in the title tag of a web page. The JS malware exploits vulnerabilities in Windows, RealPlayer, and other applications to break into insecure PCs. The McAfee researchers didn't release the JS malware source, but luckily I'm on Ph4nt0m's feed list and they found its source. What can I say, it's interesting code and heavily obfuscated. I haven't got the time to analyze it yet, because I wanted to share it with all my readers first. It is very important that this knowledge is shared instead of being swept under the rug, and so I place the file here so that we can all learn from it. One cool feature seems to be that it requires a spoofed header to locate and retrieve the JS malware, another clever way of hiding it.
Thanks to Ph4nt0m for finding the source.
















