For what it's worth, the specific URL that was injected in the sample I saw (http://1.verynx.cn/w.js) doesn't seem to work anymore. The server name doesn't resolve.
=============== Yeah, that suck, I was going to dissect it. It appears that DNS is resolving it to 127.0.0.1. I didn't know you could do that. verynx.cn resolves to 121.12.169.186, but it returns a 404 when I submit a GET for w.js. Hmm, some off-shore joint. "Asia Pacific Network Information Centre" owns the IP the domain resolves to. Shows up as possibly being in Bejing, China. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309369 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
