[Emerging-Sigs] Mass File Injection Attack From Russia With Zlob
James McQuaid
jim.mcquaid at gmail.com
Mon May 12 09:13:04 EDT 2008
Mass File Injection Attack From Russia With Zlob
http://isc.sans.org/diary.html?storyid=4405
"a couple of URLs containing a malicious JavaScript that pulls down a
file associated with Zlob. If you do a google search for these two
URLs, you get about 400,000 sites"
209.51.196.242/32  hostpinoy.info
209.51.196.254/32  *.0fees.net, free.hostpinoy.info, *.hostpinoy.info,
                   *.usin.0fees.net, scotiabank.0fees.net, usin.0fees.net
217.199.217.9/32   xprmn4u.info
Sponsoring registrar for xprmn4u.info is Estdomains; they are using
PrivacyProtect.org to hide Whois data.
hostpinoy appears to be on a RoadRunner server in Columbus; probable
involvement in financial crime.
--
James McQuaid
http://www.jamesmcquaid.com