Two more new ones as well:
- bkpadd.mobi
- tctcow.com
4 comments:
I wonder if you have seen this site:
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx
Note the domain and JS listed - hiwowpp.cn/ri.js - have you come across this one before?
Sandi
That's a new one on me - I'm pretty certain that there are two crews here, one in China and one in Russia. The Russians seem to be the most prolific. The current bunch of .cn domains aren't resolving for me, could be that the registrar has nuked them.
I have been hit pretty badly.
Ngg.js is the one that's called, domain names seem to be changed daily.
I managed to prevent some vital tables of my DB from being infected but I don't know where the source is and how to stop this.
I have sent an e-mail to VIVIDS, of course no answer. Is there any way we could get back at them, file a complaint, etc.?
Vivids Media is just a reseller, you can report the domain for false WHOIS data (they are always false) to the actual registrar here:
http://www.publicdomainregistry.com/contactus/report-false-whois/
Yes, ngg.js is the current name for most of these scripts, although it does change (last week it was b.js).