Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Mass File Injection Attack InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Mass File Injection Attack

Published: 2008-05-11
Last Updated: 2008-05-11 21:48:56 UTC
by David Goldsmith (Version: 1)
0 comment(s)

We received a report from Mike this afternoon about a couple of URLs containing a malicious JavaScript that pulls down a file associated with Zlob.  If you do a google search for these two URLs, you get about 400,000 sites that have a call to this Javascript file included in them now.  The major portion of the sites seem to be running phpBB forum software.

If you have a proxy server that logs outbound web traffic at your site, you might want to look for connection attempts to these two sites.  Internal clients that have connected may need some cleanup work.  Another preventive step would be to blacklist these two URLs.

hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js

Keywords:
0 comment(s)
Diary Archives