[nsp-sec] new list of probably compromised web sites
Florian Weimer
fweimer at bfk.de
Thu Mar 20 13:59:08 EDT 2008
* Donald Smith:
> I found some obfuscated java that I believe was injected into the
> site identified within our space.
Yes, that's it. It causes the victim browser to contact to one of the
Torpig installation sites (probably Neosploit-based, but I haven't
followed this closely):
hxxp://bgidthr.com/ld/x/
The stmenu.js is kind of frustrating because the harmless Javascript
that follows the exploit redirector is obfuscated, too. *sigh*
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the nsp-security
mailing list