0 Members and 1 Guest are viewing this topic.
Those who have read an Troj Davis’ analysis of this attack over the weekend, will notice the .cn site used in the redirect is different. Instead of 'sex-in-the-city.cn' we now have 'russell-brand.cn' (though both appear to be hosted on the same IP). Similarly the the rogue security site to which the user is ultimately redirected is now ‘online-antivir-scan09.com‘.