That’s one way to find viruses

I just received an obviously-spam email, that was sent to an email address I don’t use along with a bunch of other people. The URL looked interesting because it used words like wiki and Railroad. I used to open these in a browser just to see what’s what, but since Mac attacks have been stepping up lately, I took a look in curl.

The URL in the email looked like a hacked wiki, which pointed to a throwaway domain, which pointed to what looks like a generated addresss on a site who’s name makes it sound like it’s a Microsoft Security site (but obviously isn’t, as it’s in the .info TLD).

Anyway, here’s the core of the page’s virus scanning engine:

[cc]
per = Math.round((i*100)/503);
[/cc]

And it would use this value to pick which trojan it was going to tell you it “found” on your computer.