SurfTown: Yet more compromised sites

A friend alerted me, after reading my blog, to a plethora of other sites on SurfTown IP space he'd found, that were also carrying malicious code.

SurfTown did get back to me after my last blog, telling me it had been cleaned up but alas - it hadn't. A quick check showed the infection was very much still there, and indeed, a quick check a second ago, shows it's still there as of 15-10-2010 03:03 (GMT London).

It would seem, just like HostingDiscounter (a Netherlands based IP that had a plethora of sites compromised recently), SurfTown is having major problems with compromised sites on their network. Until this is resolved, I'd strongly advise caution if going to ANY site on their network.

Some of the sites I've checked this morning do indeed appear to have been cleaned up, but alot haven't.

The redirects have been seen going through the following on port 11066;

IP	PTR	ASN	Country
112.200.146.142	112.200.146.142.pldt.net.	9299	PH
112.202.3.206	112.202.3.206.pldt.net.	9299	PH
115.117.114.59	-	10199	IN
115.118.212.164	115.118.212.164.static-delhi.vsnl.net.in.	10199	IN
115.118.212.164	115.118.212.164.static-delhi.vsnl.net.in.	10199	IN
115.43.120.37	host-37.120-43-115.dynamic.totalbb.net.tw.	9416	TW
115.43.120.37	host-37.120-43-115.dynamic.totalbb.net.tw.	9416	TW
117.195.5.121	-	9829	IN
117.195.5.121	-	9829	IN
120.138.120.85	85-120-138-120.mysipl.com.	45194	IN
120.138.120.85	85-120-138-120.mysipl.com.	45194	IN
123.203.153.82	123203153082.ctinets.com.	9269	HK
123.203.153.82	123203153082.ctinets.com.	9269	HK
123.203.153.82	123203153082.ctinets.com.	9269	HK
123.237.110.13	-	17803	IN
123.237.110.13	-	17803	IN
123.237.110.13	-	17803	IN
173.25.85.232	173-25-85-232.client.mchsi.com.	6478	US
173.25.85.232	173-25-85-232.client.mchsi.com.	6478	US
173.29.92.16	173-29-92-16.client.mchsi.com.	6478	US
183.82.166.185	-	55577	IN
188.112.198.85	-	49291	RU
188.112.198.85	-	49291	RU
189.121.14.247	bd790ef7.virtua.com.br.	28573	BR
200.93.51.185	200.93.51-185.dyn.dsl.cantv.net.	8048	VE
201.80.111.147	c9506f93.virtua.com.br.	28573	BR
201.87.47.240	-	19182	BR
207.161.169.211	wnpgmb01dc6-169-211.dynamic.mts.net.	15290	CA
212.220.95.180	-	6828	RU
24.140.170.239	cable-170-239.sssnet.com.	12097	US
24.181.122.56	24-181-122-56.dhcp.leds.al.charter.com.	20115	US
24.181.122.56	24-181-122-56.dhcp.leds.al.charter.com.	20115	US
24.191.39.250	ool-18bf27fa.dyn.optonline.net.	6128	US
58.9.136.89	ppp-58-9-136-89.revip2.asianet.co.th.	17552	TH
58.9.136.89	ppp-58-9-136-89.revip2.asianet.co.th.	17552	TH
59.166.91.162	59-166-91-162.rev.home.ne.jp.	9824	JP
64.56.253.253	dsl-64-56-253-253.tor.primus.ca.	6407	CA
64.56.253.253	dsl-64-56-253-253.tor.primus.ca.	6407	CA
65.188.144.128	cpe-065-188-144-128.triad.res.rr.com.	11426	US
66.177.151.191	c-66-177-151-191.hsd1.fl.comcast.net.	33489	US
66.177.153.116	c-66-177-153-116.hsd1.fl.comcast.net.	33489	US
66.177.153.116	c-66-177-153-116.hsd1.fl.comcast.net.	33489	US
66.177.153.116	c-66-177-153-116.hsd1.fl.comcast.net.	33489	US
66.25.108.7	cs6625108-7.bham.res.rr.com.	10994	US
67.248.48.45	cpe-67-248-48-45.nycap.res.rr.com.	11351	US
67.248.48.45	cpe-67-248-48-45.nycap.res.rr.com.	11351	US
67.81.138.31	ool-43518a1f.dyn.optonline.net.	6128	US
70.75.77.178	S0106000c7686e0b4.cg.shawcable.net.	6327	CA
71.229.172.69	c-71-229-172-69.hsd1.co.comcast.net.	33652	US
75.158.23.218	d75-158-23-218.abhsia.telus.net.	852	CA
75.87.91.99	cpe-75-87-91-99.kc.res.rr.com.	11955	US
76.189.93.227	cpe-76-189-93-227.neo.res.rr.com.	10796	US
76.26.94.109	c-76-26-94-109.hsd1.wv.comcast.net.	7016	US
78.15.169.96	dynamic-adsl-78-15-169-96.clienti.tiscali.it.	8612	IT
78.43.245.52	HSI-KBW-078-043-245-052.hsi4.kabel-badenwuerttemberg.de.	29562	DE
78.88.158.228	078088158228.tczew.vectranet.pl.	29314	PL
81.198.148.252	-	12578	LV
82.230.217.23	-	12322	FR
82.232.214.156	mrc45-1-82-232-214-156.fbx.proxad.net.	12322	FR
83.254.68.200	c83-254-68-200.bredband.comhem.se.	39651	SE
83.82.88.173	535258AD.cm-6-3b.dynamic.ziggo.nl.	9143	NL
83.82.88.173	535258AD.cm-6-3b.dynamic.ziggo.nl.	9143	NL
84.90.101.23	co1-84-90-101-23.netvisao.pt.	13156	PT
85.225.222.170	c-aadee155.360-1-64736c11.cust.bredbandsbolaget.se.	2119	SE
86.0.138.150	cpc1-pete8-0-0-cust661.4-4.cable.virginmedia.com.	5089	GB
87.12.200.171	host171-200-static.12-87-b.business.telecomitalia.it.	3269	IT
87.251.137.82	-	39792	RU
88.147.9.228	-	29096	BE
88.147.9.228	-	29096	BE
88.23.87.165	165.Red-88-23-87.staticIP.rima-tde.net.	3352	ES
88.23.87.165	165.Red-88-23-87.staticIP.rima-tde.net.	3352	ES
89.132.11.7	adsl-89-132-11-7.monradsl.monornet.hu.	6830	HU
89.132.11.7	adsl-89-132-11-7.monradsl.monornet.hu.	6830	HU
89.176.43.147	ip-89-176-43-147.net.upcbroadband.cz.	6830	CZ
89.228.25.34	host-89-228-25-34.zamosc.mm.pl.	21021	PL
89.29.223.13	89.29.223.13.elda.cableworld.es.	3339	ES
89.29.223.13	89.29.223.13.elda.cableworld.es.	3339	ES
89.29.223.13	89.29.223.13.elda.cableworld.es.	3339	ES
89.29.223.13	89.29.223.13.elda.cableworld.es.	3339	ES
90.34.46.213	AAmiens-156-1-71-213.w90-34.abo.wanadoo.fr.	3215	FR
90.34.46.213	AAmiens-156-1-71-213.w90-34.abo.wanadoo.fr.	3215	FR
91.117.111.107	107.111.117.91.dynamic.mundo-r.com.	12334	ES
91.139.232.11	-	28898	BG
92.126.35.159	-	41440	RU
93.115.252.101	-	34060	RO
93.115.252.101	-	34060	RO
94.181.61.160	net61.181.94-160.chel.ertelecom.ru.	41661	RU
94.181.61.160	net61.181.94-160.chel.ertelecom.ru.	41661	RU
94.181.61.160	net61.181.94-160.chel.ertelecom.ru.	41661	RU
98.226.109.141	c-98-226-109-141.hsd1.in.comcast.net.	33491	US
98.248.200.221	c-98-248-200-221.hsd1.ca.comcast.net.	33651	US
98.250.233.52	c-98-250-233-52.hsd1.mi.comcast.net.	33668	US