this injected script also has several associated domains
- dd45h.8866.org/fkzd/16.htm
- wm.1kfie.cn/x150/xx.html
One of the exploit downloads a rootkit from d.cdwsx.com/xx/x150.css [VT Analysis]
this injected script also has several associated domains
One of the exploit downloads a rootkit from d.cdwsx.com/xx/x150.css [VT Analysis]
active sql-injection attack.
Injected scripts and exploits iframe to several urls such as:
the scripts generate some form of ‘time-based’ parameters that probably is only available for a brief period.
The trojan downloader from http://www.haerh.info get a list of evil programs from http://www.gehae.info/2.txt