While I was testing a Pinpoint update, I found a sneaky method to redirect unsuspecting users to Neutrino EK. This one was interesting to me so I thought I would document it here.
Here’s the website I visited…looks suspicious already:
I found the malicious redirect, or so I thought…
Long story short, this led nowhere. Going back to the main page, there is a call to a Flash file at the bottom.
The “PNG” file is not a graphic file but a renamed text file.
I used Converter to extract one character every two positions and got this:
The URL leads to the Neutrino landing page.
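A triage sketch for the renamed "PNG" described above, as an added example that is not part of the original post: it checks the file for the PNG signature and, when the content is plain text, keeps every second character and looks for a URL. It tries both start offsets, which goes slightly beyond the single extraction in the text. The sample content, the landing.example.test URL and all function names are constructed for illustration.

```python
import re

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # first 8 bytes of every genuine PNG
URL_RE = re.compile(r"https?://[\w.\-]+(?::\d+)?(?:/[\w./?=&%\-]*)?")

# Constructed sample: a placeholder URL with one filler character after each
# real character, mimicking "one character every two positions".
HIDDEN = "http://landing.example.test/index.php?a=1"
SAMPLE = "".join(c + "qXz7"[i % 4] for i, c in enumerate(HIDDEN)).encode("ascii")


def is_real_png(data: bytes) -> bool:
    """True only if the content starts with the PNG file signature."""
    return data.startswith(PNG_MAGIC)


def deinterleave(text: str, stride: int = 2) -> dict:
    """Return every stride-th character for each possible start offset."""
    return {off: text[off::stride] for off in range(stride)}


def triage(name: str, data: bytes) -> dict:
    """Flag an 'image' that is really text and recover interleaved URLs."""
    report = {"name": name, "real_png": is_real_png(data), "urls": []}
    if report["real_png"]:
        return report  # genuine image header, nothing to decode here
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return report  # not a PNG, but not plain text either
    for off, candidate in deinterleave(text).items():
        for url in URL_RE.findall(candidate):
            report["urls"].append((off, url))
    return report


if __name__ == "__main__":
    print(triage("banner.png", SAMPLE))
```

A file with an image extension, no PNG signature and a recoverable URL is worth an alert on its own, whatever the URL turns out to serve.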