Archive for January, 2009

iwdown.com/inc/e.js

Posted in sql injection on January 22, 2009 by s3cu

this sql-injected URL contains iframes to http://www.advpoints.com.
Seems to be profiting thru referrals rather than injecting malware.

Advertisements

u.winzxm.com

Posted in sql injection on January 21, 2009 by s3cu

another sql-injected domain….this one works.
Iterating through the obfuscated JS, it finally exploits ├że typical set of vulnerabilities like IE7, flash, snapshot view etc.

allspaces.com/z.js

Posted in sql injection on January 19, 2009 by s3cu

this is another sql-injected URL. However z.js does not seem to be accessible.

har5launo.com/cgi-bin/index.cgi?dx

Posted in Mebroot on January 8, 2009 by s3cu

URL contains malicious javascript which eventually links to Mebroot trojan.
[VT results=4/38]