Iframe Alias(dot)jjbworks(dot)com Mass Infection

Posted by on Tuesday, January 31st, 2012  |  20,191 views

Another hidden and malicious iframe is spreading by infecting websites:

Image

The iframe code is added before the BODY tag of the HTML page and is obfuscated:

Image

The extracted malicious link is:

hxxp://alias .jjbworks .com/analytics.php

Details about the malicious domain:

Website: alias .jjbworks .com
Domain Hash: 2f8f518cb5d452fca78b8c11b3a53913
IP Address: 68.68.20.114 [SCAN]
IP Hostname: 68.68.20.114.customer.bluemilenetworks.com
IP Country: -- (--)
AS Number: 11013
AS Name: BLUE-AS - Bluemile, Inc

URLVoid report:

http://www.urlvoid.com/scan/alias.jjbworks.com

Websites infected with this malicious code:

sosumo .net

URLVoid report:

http://www.urlvoid.com/scan/sosumo.net

Posted by on Tuesday, January 31st, 2012 at 2:20 pm and filed under Security News with tags , , , . You can skip to the end and leave a response. Pinging is currently not allowed.

Random Posts

Previous Posts