phishing question

[jim.halfpenny at gmail.com (Jim Halfpenny)]

That said you don't really want to run potentially malicious JavaScript
without sandboxing it or having some idea as to what it does.

Jim

2009/12/4 Bert Van Kets <mailing at vankets.com>

> Isn't is easier to use a proxy or packet trace and see where the
> requests go to?
> You are not really after the code itself, just the locations in the
> requests.
>
> Just my $0.02
>
> Bert
>
> Chris Blazek wrote:
> > A coworker clicked on a link in an email and was directed to facebook
> > then redirected to the following site: despatiesmercemerce . blogspot
> > . com
> > All of there fb contacts then received the same email. I pulled up the
> > site in malzilla and noticed a script block in the header that looks
> > like it's obfuscated.
> >
> > I was wondering if someone in the group could figure out what the site
> > was trying to do.
> >
> > Thanks,
> > Chris
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091204/05e34d2b/attachment.htm