Niktu script injection is a mass SQL: injection campain and an IDS alert for the IP was found also for this url: http://urlquery.net/report.php?id=3500227
Site passed the BING & GOOGLE MALWARE test, the Google bot test, and failed on hostile strings, naturally failed the generic webbot test and is being blacklisted:
http://www.yandex.com/infected?url=2009.npe.org&l10n=en
On Niktu script injection: http://www.ahmsta.com/2012/04/nikjju-mass-injection-campaign-target-more-than2-millions-urls.html link article author = Ahmsta
Here the malware campaign is connected to the Lizamoon one: http://www.ahmsta.com/2012/04/nikjju-mass-injection-campaign-target-more-than2-millions-urls.html link article author = Niels Provos (credits for his sites aggregation) Provos’s conclusion:
For future studies of malware infections, I suggest taking the number of infected sites as a more reliable measure than counting the number of infected URLs.
See: http://scanurl.net/?u=http%3A%2F%2F2009.npe.org%2Fattendee%2Fpress%2Fphotos.asp%3Fid%3D4&uesb=Check+This+URL#results
See the external elements scan here: http://zulu.zscaler.com/submission/show/ed97e9e7cfff45b19ed5752dcad20a0c-1372849484
e.g. https://www.virustotal.com/nl/url/eae715faba4d00a88cf4d964e1e4361f9289b913d55c0c72b03b4edf8440cc5f/analysis/
For an oversight see: http://jsunpack.jeek.org/?report=08df86c193772807e383ebe285928ddee17d9731 (visit with NoScript active and in a VM/sandbox -
link for the advanced security aware)
polonus