
New malware advertising

No.1794456
>Am I infected
>>1793524
>What does it do/why is it obfuscated
>>1793605
>What do we know so far
Variant of the Nemucod ransomware, Ukrainian URL of the new advertising that broke CSS on boards with it has a history of hosting it.
https://www.reverse.it/sample/b9a80ddbaf41d303b0ed9abb0f6aabf5f851dd39909aaead3cb3257474fd7dc4?environmentId=100
SAME. EXACT. HOST. SAME. EXACT. OBFUSCATION (minus the xoring)
>Who did this
Supposedly two devs were mentioned >>1793484 , but very likely glow in the dark niggers have everything to do with it.
>What blocks it
Update your 4chanX, they've already fixed it. Block the URLs smcheck.org, amgload.net, piguiqproxy.com, admixer.net and all subdomains. Block all third party scripts not required for captcha while you are at it in light of Twitter virtue signaling the entire internet, too.
Ignore disinfo on the topic. Someone is trying to make money here; do you need any other motive as to why they're trying to tell us it's harmless?

Script has been taken apart more here >>1794246

Use this if you keep getting blank white pages after blocking it https://pastebin.com/LGcy3mEp

Flick of a switch and this script does what it has done on this URL before. DO. NOT. TRUST. GOOKMOOT.
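
Added example, not part of the original post: one way to check a saved page for script tags loading from the four domains the post says to block, "and all subdomains" included. The matching is on a hostname label boundary so lookalike hosts are not flagged; the sample HTML, the page URL and the function names are constructed for illustration.

```javascript
// Domains named in the post; everything else in this block is constructed.
const BLOCKED = ["smcheck.org", "amgload.net", "piguiqproxy.com", "admixer.net"];

// True when host is a blocked domain or any subdomain of one.
// Comparing against "." + domain keeps "notsmcheck.org" from matching "smcheck.org".
function isBlockedHost(host, blocked = BLOCKED) {
  const h = host.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  return blocked.some((d) => h === d || h.endsWith("." + d));
}

// Collect the src of every <script> tag in an HTML string and return
// the absolute URLs whose host is on the blocklist.
function findBlockedScripts(html, pageUrl) {
  const hits = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let url;
    try {
      url = new URL(m[1], pageUrl); // resolves relative and protocol-relative src
    } catch {
      continue; // unparseable src: nothing to match against
    }
    if (isBlockedHost(url.hostname)) hits.push(url.href);
  }
  return hits;
}

// Constructed sample page (hypothetical paths and subdomains).
const SAMPLE_HTML = `
<script src="/js/core.js"></script>
<script async src="//s.amgload.net/loader.js"></script>
<script src="https://cdn.example.com/notsmcheck.org/lib.js"></script>
<script src="https://notsmcheck.org/x.js"></script>
<script src='https://SMCHECK.ORG/check.js'></script>
`;

console.log(findBlockedScripts(SAMPLE_HTML, "https://boards.example.org/g/"));
```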