[nsp-sec] compromised websites (torpig)
Gabriel Iovino
giovino at ren-isac.net
Mon May 11 09:55:01 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
DirkStander at enantiodromie.de wrote:
> Hi,
>
> please find attached a list of websites with injected javascript
> pointing to various torpig infection domains.
These two appear to be offline:
> 11050 | 131.123.252.103 | US | personal.kent.edu 1 1242006671 hyyghevif.com iframe http://www.personal.kent.edu/asabino/ | KENT-STATE - Kent State University
> 32136 | 137.125.248.24 | US | snyfarvu.farmingdale.edu 1 1241968957 hiejdjeni.com iframe http://snyfarvu.farmingdale.edu/ferrd3/ | FARMINGDALESTATE - Farmingdale State College
A sanitized notification will be sent for this one:
> 6325 | 143.43.222.100 | US | wiu.edu 1 1242013682 deaajojvif.com iframe3 http://www.wiu.edu/icehockey/ | ILLINOIS-CENTURY - Illinois Century Network
Thank you!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoILjUACgkQwqygxIz+pTuIEwCfdc9VtCUl3CNHqQvZBsW9i7Cm
FFsAoNbMLVuQV6q6kugQAZg2WXoa4s3k
=4O1k
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list