Archive for September, 2009

z360.net/a.js

Posted in sql injection on September 2, 2009 by s3cu

this injected script also has several associated domains

  • dd45h.8866.org/fkzd/16.htm
  • wm.1kfie.cn/x150/xx.html

One of the exploit downloads a rootkit from d.cdwsx.com/xx/x150.css [VT Analysis]

Advertisements

k.18xn.com/x.js

Posted in sql injection on September 1, 2009 by s3cu

active sql-injection attack.

Injected scripts and exploits iframe to several urls such as:

the scripts generate some form of ‘time-based’ parameters that probably is only available for a brief period.

The trojan downloader from http://www.haerh.info get a list of evil programs from http://www.gehae.info/2.txt