When I access this site:
http://216.129.177.83
(warning - that site will attempt to infect your PC with malware)
The "Happy Labor Day" picture comes up, along with a message window
with the following:
--------------------
Title Bar Text: Microsoft ADO/RDS 2.1
Message: This page accesses data on another domain. Do you want to
allow this? To Avoid this message in IE, you can add a secure web
site to your trusted sites zome on the security tabl of the Internet
Options dialog box.
Buttons: Yes No
----------------------
I can't close the message box.
When I hit no, the message box goes away and comes back. This happens
about 7 or 8 times.
I noticed that each time it generated a small IE cache file that looks
like a log file. It seems that it was trying to download this each
time:
http://activex.microsoft.com/objects/ocget.dll
But each attempt failed.
Not sure what this is all about. I only get this behavior with IE6.
It doesn't do this (display message) with firefox or an old version of
Netscape.
This is probably attempting to exploit a known IE (IE6?) bug - anyone
know which one?
Are there any on-line javascript de-obfuscators?
note: fncarp.com now resolves to
68.43.234.209 (comcast cable - michigan).
75.46.3.130 (SBC global - Southfield Michigan)
76.24.15.130 (comcast cable - boston?)
209.76.82.231 (snowcrest inc - mt. Shasta CA)
69.245.236.195 (comcast)
74.75.226.45 (road runner - somewhere in Maine)
Well - you get the idea. A different IP every time you look it up.
