On Friday 25 June 2004 07:05, Peter Kruse might have typed: > When the javascript runs it will try to redirect you to a remote server > http://217.107.218.147. This is where the MSITS.EXE and the javascripts are > stored. As far as I know they do not reside on the compromised IIS servers, > but simply pulls of the the payload from the remote host. Meanwhile the > host is no longer available.
I've noticed that several ISPs appear to have null-routed that IP. I can't get past our ISP's upstream right now - trace just dies. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
