IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

New Looks like it
The bottom half builds

windowopen("[link|http://_135_blanks_@"|http://_135_blanks_@"] + ???_1,"","width=800, height=600, menubar=???_2, resizable=0, scrollbars=1, status=0, titlebar=0, toolbar=0, left=100, top=100" + ???_3);

which matches the discussion on SpamCop.

The real URL is decoded by the top half, but the seed value is missing.

Wondering if deobfuscating this was a violation of the DMCA? ;-)

New That's what I figured
But on this public terminal, even if I had some tools I could deobfuscate it with, I don't know enough about windows trojan programming to ensure I didn't trigger the damn thing just by trying to read it.

Thanks for clearing it up (somewhat). I was wondering if I should report them to their ISP for it, but hell, no harm no foul, right? (Translates as: I don't feel like spending the next three weeks trying to explain to level 1 support that this thing was a nastygram.)
We have to fight the terrorists as if there were no rules and preserve our open society as if there were no terrorists. -- [link|http://www.nytimes.com/2001/04/05/opinion/BIO-FRIEDMAN.html|Thomas Friedman]
     What is someone trying to SPAM me with? - (drewk) - (6)
         Try running it through a deobsfucator... - (Another Scott) - (3)
             More info. - (Another Scott) - (2)
                 Looks like it - (scoenye) - (1)
                     That's what I figured - (drewk)
         I am not sure - (nking) - (1)
             It's code of some kind - (Ric Locke)

Well first you have to wipe the yak butter off.
59 ms