Hello,
Some 10,000 attacks later and after spending too much time deciphering the Hex
code the bots sent, the bottom line is that there are just 2 web sites that are
housing the malicious Javascript. (In our case, obviously)
They are 3 3 2 2 . o r g
1 0 0 0 m g . c n
Yes, the spaces need to come out if you want to look at the sites...AT YOUR OWN
RISK.
The url link in the hex code is longer of course but I'm not going to put it in
here.
The sites are pretty much the same. They are in China, big surprise, but in
cities about 644 miles apart.
How many other domains housing malicious javascript did you all find?
Thanks, Mike
P.S. Don't ask me how the hex code was deciphered. Our network wizard did it
and he just left on vacation. :))
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310600
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
