If you use google/altavista et al to search for some of the more obvious parts of the javascript a few come up, for example "function gc099":-
www.bifconference.com/bif2002/newsroom/Dunn_synop.rtf
www.biketas.org.au/BikeTas/ meetings/2001-10-02-minutes.txt
www.planetkc.com/sloth/sci/blklst.txt
englishrosesuites.com/style.css
www.nf.crimestoppers.ca/1992/92-93-11
www.afz.ch/Vereinigung/Accueil/ Association/Welcome/Examinations/rev.tabelleen.rtf
etc, etc, etc...
and although this one isn't infected its pretty funny to read:-
www.milonic.com/mfa/2004-June/004443.html
From: "Edge, Ronald D" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: [Full-Disclosure] Name One Web Site Compromised by Download.Ject? Date: Wed, 30 Jun 2004 08:39:32 -0500
From the latest issue of: ************************************************************************ * SANS NewsBites June 30, 2004 Vol. 6, Num. 26 ************************************************************************ * Legal liability question: Has anyone contacted an attorney yet about damage done by either of these two possibly negligent actions: (1) the Wittie worm when the security software vendor may have allowed many customers to have their systems disabled because selected users may not have gotten the patch for weeks after it was ready, or (2) Download.Ject damage done to consumers - through loss of identity data and banking passwords -- by infected web sites that apparently did not tell their clients that the site was infected? If you have gotten legal advice about these, please let us know by emailing [EMAIL PROTECTED] with subject "legal liability." ================================
So here was my email to SANS:
What I want to know is where the heck are the publicized identies of the supposedly many major web sites that were infecting their customers/visitors??
I have rarely seen such an obvious massive hush job and coverup. I have searched the news articles on Download.Ject and to date I have not found a SINGLE EXPOSED IDENTITY of a web site.
I have pointed this out to a well known IT journalist I correspond with by email regularly, and he replied that he thinks it is definitely a story worth pursuing.
I frankly am appalled that not a single site has been named, at least not to my knowlege, and I have TRIED to find one named in the news online.
Ron.
Ronald D. Edge Director of Information Systems Indiana University Intercollegiate Athletics [EMAIL PROTECTED] (812)855-9010 http://iuhoosiers.com
Corporate IT's reaction to spyware has been surprising: it's been largely swept under the rug. The problem is that you can't hide an elephant by sweeping it under the rug. It leaves quite a bulge.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_________________________________________________________________
MSN Movies - Trailers, showtimes, DVD's, and the latest news from Hollywood! http://movies.msn.click-url.com/go/onm00200509ave/direct/01/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html