Thursday, August 27, 2009

a0v.org Mass Injection, with regional stats

The reported mass injection for almost 85K web site is not yet over, and it is increasing every day. The original post was released few days ago by ScanSafe followed by media coverage from The Register.

The injected malicious IFrame is pointing to hxxp://a0v.org/x.js, with no obfuscation of any kind, with further redirection to other malicious sites.


Querying Google for infections in several countries in the region, gives the below very low numbers:
Egypt 3
Saudi Arabia 3

Using Google query again for checking the Arabic site gives 28 infections


WebsSense released more details on several exploits used.

No comments: