Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Mass File Injection Attack - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Mass File Injection Attack

We received a report from Mike this afternoon about a couple of URLs containing a malicious JavaScript that pulls down a file associated with Zlob.  If you do a google search for these two URLs, you get about 400,000 sites that have a call to this Javascript file included in them now.  The major portion of the sites seem to be running phpBB forum software.

If you have a proxy server that logs outbound web traffic at your site, you might want to look for connection attempts to these two sites.  Internal clients that have connected may need some cleanup work.  Another preventive step would be to blacklist these two URLs.

hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js

David

78 Posts

Sign Up for Free or Log In to start participating in the conversation!