IIS site hacked with ww.robint.us malware

Posted by sucuri on Server Fault See other posts from Server Fault or by sucuri
Published on 2010-06-08T21:15:52Z Indexed on 2010/06/08 21:23 UTC
Read the original article Hit count: 330

Filed under:

A bunch of IIS sites got hacked with a javascript malware pointing to ww.robint.us/u.js.

Google cache says more than 1,000,000 different pages got affected:

http://www.google.com/#hl=en&source=hp&q=http%3A%2F%2Fww.robint.us%2Fu.js

http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

My question is: Did anyone here got hacked with that and still have any logs (or network dump) available for analysis? If you do, have you spotted anything interesting in there?

Sites as big as wsj.com got hacked and some people are saying that maybe a zero-day on IIS/ASP.net is in the wild...

© Server Fault or respective owner

Related posts about hacked