IIS site hacked with ww.robint.us malware
Posted
by sucuri
on Server Fault
See other posts from Server Fault
or by sucuri
Published on 2010-06-08T21:15:52Z
Indexed on
2010/06/08
21:23 UTC
Read the original article
Hit count: 330
hacked
A bunch of IIS sites got hacked with a javascript malware pointing to ww.robint.us/u.js.
Google cache says more than 1,000,000 different pages got affected:
http://www.google.com/#hl=en&source=hp&q=http%3A%2F%2Fww.robint.us%2Fu.js
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html
My question is: Did anyone here got hacked with that and still have any logs (or network dump) available for analysis? If you do, have you spotted anything interesting in there?
Sites as big as wsj.com got hacked and some people are saying that maybe a zero-day on IIS/ASP.net is in the wild...
© Server Fault or respective owner