Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Domain gets tagged as distributing malware by my work's security system, FYI. Dunno what list it's gone on, but it's there.


uMatrix doesn't allow this site to show either.

View Source reveals that this site is actually an iframed version of http://www.wisdom.weizmann.ac.il/~eyalro/iotworm/.


http://archive.is/gRSfN


This too is not immune. I get it here too.


Well, the HTML contains some very shady (encoded and obfuscated) JavaScript code.

If you want to investigate further replace the "return r;" in the very end of those two "evals" with "console.log(r);" then get the decoded code from the browser's console. Then run through code beautifier (built-in in Firefox JS debugger) to get readable code. But there are more code obfuscations later, though easy to reverse but I don't have the time right now.


OpenDNS blocks the domain it looks like


There is what looks like another site hosted by the other person who partnered on this: http://colinoflynn.com/iotworm/


You can use http://archive.is/gRSfN/image to get a screenshot of the page.


... shouldn't this be higher up?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: