Security researchers from Zscaler have detected web attacks in which links to drive-by exploits are obfuscated by converting IP addresses to DWORD. A DWORD here is the 32-bit integer representation of the IP address string. Browsers automatically parse DWORD values when they encounter them in a URL, so an IP address of, say, 206.191.158.55 would appear as 3468664375 in DWORD form. For example, the address hxxp://1539393606/GoogleSearch.class has been converted to DWORD by an attacker to confuse or fool victims.
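Added example (not from the original article or from Zscaler): a filter that compares raw host strings misses the DWORD form, so this Python code normalizes numeric hosts to dotted-quad before the blocklist lookup. It goes beyond DWORD to the hex, octal and short dotted forms that browsers also accept; the function names, blocklist and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# One host component: 0x-prefixed hex, leading-zero octal, or plain decimal.
_NUM = re.compile(r"(?:0[xX]([0-9a-fA-F]*)|(0[0-7]*)|([1-9][0-9]*))\Z")

def _parse_part(part):
    m = _NUM.match(part)
    if not m:
        return None
    hx, oc, dec = m.groups()
    if hx is not None:
        return int(hx or "0", 16)
    return int(oc, 8) if oc is not None else int(dec, 10)

def canonical_ipv4_host(host):
    """Dotted-quad form of a numeric IPv4 host, or None if it is not one."""
    if host.endswith("."):
        host = host[:-1]
    parts = host.split(".")
    if len(parts) > 4:
        return None
    nums = [_parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def is_obfuscated(host):
    """True when the host is a numeric IPv4 not written as a dotted quad."""
    canon = canonical_ipv4_host(host)
    return canon is not None and canon != host

def blocked(url, blocklist):
    """Match the canonical host, so every encoding hits the same entry."""
    host = urlsplit(url).hostname or ""
    return (canonical_ipv4_host(host) or host) in blocklist

# Constructed sample data; the address is the article's own example pair.
BLOCKLIST = {"206.191.158.55"}
SAMPLE_URLS = ["http://3468664375/index.html",   # DWORD form
               "http://0xCEBF9E37/index.html",   # hex form
               "http://0316.0277.0236.067/",     # octal octets
               "http://206.191.158.55/"]         # plain dotted quad

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        h = urlsplit(url).hostname
        print(url, canonical_ipv4_host(h), is_obfuscated(h), blocked(url, BLOCKLIST))
```

Flagging `is_obfuscated` hosts in proxy or DNS logs is a useful detection on its own, since legitimate links rarely use these encodings.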
The malicious URLs usually lead to a malicious class that tries to exploit a vulnerability (CVE-2010-4452) in outdated Java installations. If the attack is successful, a piece of malware is downloaded and installed on the victim’s machine. Attackers can quickly re-encode exploits to avoid antivirus detection, so not having the URLs blocked in the first place is important to them. Users are advised to update their browser plugins and software such as Adobe and Java. Using an antivirus solution that offers advanced layers of protection is also advisable. Stay safe and secure.
