[nsp-sec] What malware is this?
John Payne
john at sackheads.org
Wed May 19 20:11:01 EDT 2010
On May 19, 2010, at 3:13 AM, Dirk Stander <dst+nsp-sec at glaskugel.org> wrote:
> ----------- nsp-security Confidential --------
>
> .: John Payne (Wed, May 19, 2010 at 01:16:14AM -0400)
>> Compromised website with JavaScript fun. Looks like calls out to fastfluxed hostnames in domains such as notkey.ru, reldedqape.ru and tallpen.ru
>> Anyone know what this is?
>
> Hi John,
>
> thats sounds like a gumblar-style javascript, which redirects users to exploit packs
> hosted on a fluxing set of servers.
> You'll find some compromised sites in my posting from Wed, 12 May 2010 18:43:23 +0200
> Message-ID: <20100512164323.GA15388 at glaskugel.org>
>
Thanks Dirk.
More information about the nsp-security
mailing list