New Iframe exploits

Posted on January 11th, 2008 in Domain News,New Domains,Storm Worm by dglosser

Dancho Danchev.’s blog lists several domains full of exploits, using “comprehensive multiple IFRAMES loading campaigns”:

8v8 (dot) biz uc147 (dot) com 070808 (dot) net qx13 (dot) cn
sbb22 (dot) com uuzzvv (dot) com 55189 (dot) net 749571 (dot) com
jqxx (dot) org mm5208 (dot) com 68yu (dot) cn 2365 (dot) us
loveyoushipin (dot) com yun878 (dot) com xks08 (dot) com

In better news, shadowserver reports that the 17 Storm Worm domains including i-halifax.com and i-barclays.com, appears to have all been placed in a status of “NOT DELEGATED” over at nic.ru, preventing A records from being returned when looking up the domains. (Some of the other holiday-related Storm Worm domains still have their NS record.)

Comments are closed.