Archive for September, 2009

z360.net/a.js

Posted in sql injection on September 2, 2009 by s3cu

This injected script also has several associated domains:

  • dd45h.8866.org/fkzd/16.htm
  • wm.1kfie.cn/x150/xx.html

One of the exploits downloads a rootkit from d.cdwsx.com/xx/x150.css [VT Analysis]

k.18xn.com/x.js

Posted in sql injection on September 1, 2009 by s3cu

Active SQL injection attack.

Injected scripts and exploits iframe to several URLs such as:

The scripts generate some form of ‘time-based’ parameter that is probably only available for a brief period.

The trojan downloader from http://www.haerh.info gets a list of evil programs from http://www.gehae.info/2.txt