polonus
This was the hack being performed (just defacement, apparently nothing infectious, but the site is hackable): [ Hacked By ALFA TEaM ]==—<link rel="shortcut icon" href="htXp://sole-sad.persiangig.com/image/peace-and-love.jpg" Iranian hackers operating from a USA IP.
Here you see what is out there: http://urlquery.net/report.php?id=5804098
http://urlquery.net/report.php?id=5430574 IDS alert for “ET CURRENT_EVENTS Executable Download named to be .com FQDN”
meaning “Fully Qualified Domain Name” → http://doc.emergingthreats.net/bin/view/Main/2011495 (indicating trojan activity)
line 10: 10:< img src=“htxp://sole-sad.persiangig.com/image/peace-and-love.jpg”> Iranian hackers
(defacement with the web page modified). Generally done for fun, political reasons and by script kiddies.
This is being flagged by avast! Web Shield : htxp://ist.net.sa/ as infected with JS:Defacement-H[Trj]
polonus