Blog for hpHosts, and whatever else I feel like writing about ....

Friday, 10 April 2009

Hosted javascript leading to .cn PDF malware

Unfortunately such subject lines are all so common. However, lets work through this one together to show an excellent tool, and a common source.

Steve Burn over at submitted an investigation they had been running into a number of sites hosted by a single hosting provider being compromised and leading to malware.

So, lets look at a few examples:

Firstly, just a simple proof that the exploit is still in place, lets look at :

hxxp:// ( - Whois : OrgName: Lunar Pages)

If you simply curl, or wget, the home page of this site, you'll get

Read the full article

No comments: