PaulDotCom mailing list archives
phishing question
From: jim.halfpenny at gmail.com (Jim Halfpenny)
Date: Fri, 4 Dec 2009 12:33:35 +0000
That said you don't really want to run potentially malicious JavaScript without sandboxing it or having some idea as to what it does. Jim 2009/12/4 Bert Van Kets <mailing at vankets.com>
Isn't is easier to use a proxy or packet trace and see where the requests go to? You are not really after the code itself, just the locations in the requests. Just my $0.02 Bert Chris Blazek wrote:A coworker clicked on a link in an email and was directed to facebook then redirected to the following site: despatiesmercemerce . blogspot . com All of there fb contacts then received the same email. I pulled up the site in malzilla and noticed a script block in the header that looks like it's obfuscated. I was wondering if someone in the group could figure out what the site was trying to do. Thanks, Chris ------------------------------------------------------------------------ _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091204/05e34d2b/attachment.htm
Current thread:
- phishing question, (continued)
- phishing question David Shpritz (Dec 02)
- phishing question David Auclair (Dec 02)
- phishing question Chris Blazek (Dec 02)
- phishing question Chris Blazek (Dec 02)
- phishing question David Auclair (Dec 03)
- phishing question Chris Blazek (Dec 03)
- phishing question Matt Erasmus (Dec 03)
- phishing question Jim Halfpenny (Dec 04)