Archive for September, 2008

Posted in sql injection on September 22, 2008 by s3cu

a new round of sql-injection attacks to inject the malicious link.
The w.js script essentially iframe to new.htm
Content of new.htm as follows:
Continue reading

Posted in sql injection on September 11, 2008 by s3cu

the URL contains links to

view.exe is a downloader – VT analysis

The URL also has an iframe embedded:

<iframe id=”01″ src=”2.html” frameborder=”0″ style=”display:none”></iframe>

2.html links to malicious obfuscated JS:

<meta http-equiv=”refresh” content=”2;URL=″>

The above IP is associated with many domains such as

Posted in Mebroot on September 1, 2008 by s3cu

after a series of obfuscated JS, the final decoded content as follows:
Continue reading