If you google for l61.3322.org you will find LOTS of “script” links to:
http://l61DOT3322DOTorg/eDOTjs. That first letter is an L not a 1.
Be careful that java script attempts to exploit vulnerabilities in some browsers.
Fellow Handler BojanZ stated this about that malicious piece of java:
“The attached JS file calls other JS files (from various servers). At
3322.org has hosted malware several times in the past including a element of the zero day word exploit that was reported in 05-2005 It was also used as the ftp download site for a SAV based worm 12-2005.
It was also used as the ftp download site for a SAV based worm 12-2005.
Thanks Bryan and Evan for bringing this to our attention.
Aug 15th 2007
1 decade ago