On Mon, 19 Jul 2004, Hubbard, Dan wrote:

> We have discovered more than 300 websites that include malicious code
> that will attempt to run a program on your machine without end-user
> intervention. Similar to the recent Scob attack, a dual-pronged approach
> of exploiting vulnerable servers and clients is being used.
>
> There is no commonality on the web server side with the exception of 164
> sites that are all hosted by the same hosting facility in Florida.
>
> Details on the hosting facility in Florida:
>
> The site that includes the exploit code is:
>
> http://www.karl-marx.ru/

[...]

I suspect this domain is a BlackHat server - period. We had a keylogger
trojan ("Padonok" - it WAS NOT detected by any of our virus scanners,
malware detectors et al) hit one of our desktops more than a month ago.
It tried to deliver the stolen data to that server.

That they are *still* in operation tells you that they are either
unbelievably incompetent or actually owned in the financial sense by the
bad guys.

Here is what little I know about them:

http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=93&mode=thread

That dates all the way back to March...

--
Benjamin Franz

Catapultam habeo. Nisi pecuniam omnem mihi dabis ad caput tuum saxum
immane mittam. (Translation: "I have a catapult. Give me all the money
or I will fling an enormous rock at your head.")
    Henry Beard