Not 100% sure about the correctness of this, according to
http://isc.sans.org/diary.html?storyid=4840
search in Google with "site:yoursite "script src=http://*/""ngg.js"|"js.js"|"b.js" ", and look for JavaScripts from Russia or other countries, which might indicate the site has been hacked.
I was quite shock to find quite a lot of Australian sites (com.au & gov.au) in the list. So be careful when you browse the net!
Results I got around lunch time today, with some of the sites listed below:
about 3,380 from com.au for "script src=http://*/""ngg.js"|"js.js"|"b.js". (0.31 seconds)
www.autosite.com.au
www.flexinet.com.au
www.villaworld.com.au
www.insuremyride.com.au
www.johnsands.com.au
www.hockeynsw.com.au
fundraisingauctionsaustralia.com.au
www.eventwatch.com.au
www.arcsigns.com.au
www.melbournelandscaping.com.au
www.sharkbaycruises.com.au
www.dosearch.com.au
www.trekandtravel.com.au
about 433 from gov.au for "script src=http://*/""ngg.js"|"js.js"|"b.js".
www.bendigo.vic.gov.au
business.kingston.vic.gov.au
www.walkingchallenge.gov.au
www.whitsunday.qld.gov.au
www.knox.vic.gov.au
www.glenelg.vic.gov.au
www.macedon-ranges.vic.gov.au
www.colacotway.vic.gov.au
www.hobsonsbay.vic.gov.au
www.nationalcapital.gov.au
www.walkingchallenge.gov.au
No comments:
Post a Comment