Sponsored by..

Monday 17 March 2014

Injection attack in progress 17/3/14

A couple of injection attacks seem to be in progress, I haven't quite got to the bottom of them yet.. but you might want to block the following domains:


These are hosted on and respectively.

The malware is resistant to automated tools and redirects improperly-formed attempt to analyse it to Bing [1] [2]. The malware is appended to hacked .js files on target sites and looks similar to this:

This sort of attack has been used to push fake software updates in the past. Even though I can't quite get to the bottom of this at the moment, you can be pretty sure that this is Nothing Good and I would recommend blocking these domains.

No comments: