Jeff Chan wrote:
Pretty elaborate obfuscation:
<a
href=http://www.enterprisestorageforum.com/RealMedia/ads/click_lx.ads/ew/mistress/www.cometrees.com/management/features/article/4899482848/lbnyvio/OasDefault/Sun_Storage_SolutionCenter_1a/accessunit4.html/4681978795193130586212279675?ooftpqz.WINCriTCoNDI.COm
target=_blank><font size=5 color=1C1CFF><u><b>C1icck here to 0rder
suppose</font></font></b></u></a><br><br>
Actual target site is blackhat:
wincritcondi.com
I wrote to Jupitermedia about it (owner of
enterprisestorageforum.com) to close their redirector.
Would someone see if this gets detected correctly on recent SA?
Jeff C.
SA won't detect wincritcondi.com, just enterprisestorageforum.com.
It appears this redirector has been removed, but I'll write a redirector
pattern for it if someone says otherwise.
Daryl
