The decoded script is shown below:
The above malicious code points to the malicious domain “gumblar.cn”, which was used by the Gumblar Trojan. Fortunately, the malicious domain has now been taken down.
Zscaler blocks the infected page (http://bangaloretelecom.com/search.js) rather than blocking whole website. This example illustrates how malicious content can be filtered out, while still allowing access to what is an otherwise legitimate site – an important approach, given the prevalence of malicious infections. Our recent posts highlight the fact that numerous popular Indian web sites are struggling with proper application security controls.