Sponsored by..

Tuesday 13 September 2011

Injection attack: cbchhuacyus.com, ibccmsuiyus.com and wbccmquwyus.com

There is currently a Sinowal injection attack doing the rounds, redirecting traffic to the following domains on 46.165.192.97:

cbchhuacyus.com
ibccmsuiyus.com
wbccmquwyus.com

There may well be other domains on the same server, blocking traffic to 46.165.192.97 would probably be prudent. The payload is being analysed (I will post an update later), but detection rates are not good.

No comments: