[nsp-sec] Nasty fast-fluxed sites containing javascript malcode [FICORA #183472]
Huopio Kauto
Kauto.Huopio at ficora.fi
Fri Jul 11 04:13:11 EDT 2008
Hi folks,
The following URL:s relate to a javascript that we found
in a finnish website. Very fresh domain registrations
and heavily fast-fluxed. Any analysis?
Takedown of the domains and sites etc is more than welcome
> > hxxp://bkpadd.mobi/cgi-bin/index.cgi?ad
> > hxxp://usaadw.com/cgi-bin/index.cgi?ad
> > hxxp://drvadw.com/cgi-bin/index.cgi?ad
> > hxxp://adwnetw.com/cgi-bin/index.cgi?ad
> > hxxp://loopadd.com/cgi-bin/index.cgi?ad
This seems to be related with SQL injection attacks and
ngg.js. Just google ngg.js..
--Kauto
Kauto Huopio - kauto.huopio at ficora.fi
Senior information security adviser
Finnish Communications Regulatory Authority / CERT-FI
tel. +358-9-6966772, fax +358-9-6966515, mobile +358-50-5826131
CERT-FI watch desk daytime: +358-9-6966510
CERT-FI 24/7 on-call duty officer: +358-44-0120123 / http://www.cert.fi
More information about the nsp-security
mailing list