Attackers inject 55.000 websites with cocktail of Trojans

Hi malware fighters,

Attackers succeeded in injecting 55.000 websites with an exploit,
that treats visitors to a “potent Trojan cocktail”, according to ScanSafe:
http://blog.scansafe.com/journal/2009/8/21/up-to-55k-compromised-by-potent-backdoordata-theft-cocktail.html
An iframe was added to the hacked websites, redirecting to the exploit site.
The exploit then downloads other exploits and malware from various domains.
This is a cocktail consisting of backdoors, password stealers and downloaders.
The following Google Search will generate 55.000 hits:
http://www.google.nl/search?hl=en&client=firefox-a&rls=org.mozilla:en-US:official&tbo=1&tbs=qdr:y&q=“script+src%3Dhttp://a0v.org/x.js”&start=0&sa=N
The malware comes from the following domains: ahthja.info, gaehh.info, htsrh.info,
car741.info, game163.info, car963.info, and game158.info, of which ahthja.info is the most active,
with malicious software including 3869 trojans, 2691 scripting exploits, 2513 exploits.
This site was hosted on 1 network(s) including AS4837 (CNC).

The hosts list can be found here: http://www.blackerror.com/blockip/240809.txt
The mentioned iframes were built with a builder that was released just a couple of days ago,
we will keep you informed,

polonus
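
For site owners checking their own pages, here is an added example (not part of the original post) that flags `<script>` and `<iframe>` tags whose `src` points at one of the domains named above. The sample page and the `in.php` path are constructed for illustration; the function and class names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the post above; extend from your own blocklist.
BLOCKED = {"a0v.org", "ahthja.info", "gaehh.info", "htsrh.info",
           "car741.info", "game163.info", "car963.info", "game158.info"}

def blocked_host(src):
    """Return the lower-cased host of src if it is a blocked domain or a subdomain of one."""
    try:
        host = (urlsplit(src.strip()).hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    if any(host == d or host.endswith("." + d) for d in BLOCKED):
        return host
    return None  # relative URL, or a host that is not on the list

class InjectionFinder(HTMLParser):
    """Collect (line, tag, host) for every script/iframe loading from a blocked host."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        host = blocked_host(dict(attrs).get("src") or "")
        if host:
            self.hits.append((self.getpos()[0], tag, host))

def scan(html):
    """Parse one page and return the list of suspicious tags found in it."""
    finder = InjectionFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page: one legitimate local script, two injected tags.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<p>Welcome</p>
<script src=http://a0v.org/x.js></script>
<iframe src="HTTP://WWW.Ahthja.INFO/in.php" width=0 height=0></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, host in scan(SAMPLE):
        print(f"line {line}: <{tag}> loads from blocked host {host}")
```

Matching is done on the parsed host rather than on a substring of the page, so lookalike names such as `nota0v.org` are not flagged, while unquoted, upper-case and protocol-relative `src` values are.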

great one pol.

Ouch…

Thanks polonus

I second ouch! :o

Thanks again Pol^^

I third ouch! ;D

-AnimeLover^^


Thanks for the information, Polonus. :slight_smile:


Thanks for the info Polonus.

Thanks for the info Pol!

Thanks for sharing, polonus. :slight_smile:

+1 :slight_smile: