SophosLabs blog

Last month we reported a high profile site infected with Troj/Badsrc-A. Looking through the feedback we get from the WS1000 web appliance, we have seen some more high profile infected sites.

As I write the website is still infected. SophosLabs doesn’t recommend visiting it.

The source of this page shows the attack:

The attack site and script have been obfuscated (the last three x’s are ‘uck’). The domain pointed to by this attack seems to be down. However, the existence of this malicious script suggests other more serious issues on this server.

We have tried contacting the sites owner’s and are currently awaiting a response.

Posted on April 4th, 2008 by Pob, SophosLabs, UK
Filed under: Malware, Web

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• Get married - get infected
• Watch football - get infected.
• What happens when we find an infected website?
• Get a domain - get infected
• How long has this been going on? Star’s site infected