As of now the server, which was a russian server has been taken down. Nasir Ghaznavi
On Fri, 25 Jun 2004 10:36:08 +0100, Duncan Hill <[EMAIL PROTECTED]> wrote: > > On Friday 25 June 2004 07:05, Peter Kruse might have typed: > > > When the javascript runs it will try to redirect you to a remote server > > http://217.107.218.147. This is where the MSITS.EXE and the javascripts are > > stored. As far as I know they do not reside on the compromised IIS servers, > > but simply pulls of the the payload from the remote host. Meanwhile the > > host is no longer available. > > I've noticed that several ISPs appear to have null-routed that IP. I can't > get past our ISP's upstream right now - trace just dies. > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
