Archive for the Mebroot Category

Posted in Mebroot on January 8, 2009 by s3cu

URL contains malicious javascript which eventually links to Mebroot trojan.
[VT results=4/38]


Posted in Mebroot, sql injection on October 21, 2008 by s3cu

this sql-injected domain retrieves iframe from

The malicious iframe exploits a number of typical vulnerabilities.

The VT analysis of the malicious file is here. ThreatExpert here.

Other domains sharing the same IP are,

Posted in Mebroot on September 1, 2008 by s3cu

after a series of obfuscated JS, the final decoded content as follows:
Continue reading