A few researchers from the Armorize Malware Blog have found that mysql.com was compromised and was hosting malicious code. The malicious code was injected into a .js file, which can be obtained from here.
Basically, the decoded script points to "hxxxp://falosfax.in", which uses an HTTP 302 redirect to send the browser to the final exploit site, "hxxxp://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php". The truruhfhqnviaosdpruejeslsuy.cx.cc site exploits client browser plugins such as Adobe PDF, Flash and Java, and serves an executable malware file.
Right now, "s_code_remote.js" is clean; the injected code has been removed.
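
To check whether clients on your own network followed the redirect chain described above, the sketch below rebuilds 3xx redirect chains from web proxy logs and flags those that touch the two hosts named in this post. It is an added example, not code from Armorize or from this blog; the five-field log layout and the sample lines are constructed assumptions, so adapt the parser to your proxy's format.

```python
from urllib.parse import urlsplit

# Hosts named in the post (written there defanged, as hxxxp://...).
IOC_HOSTS = {"falosfax.in", "truruhfhqnviaosdpruejeslsuy.cx.cc"}

# Constructed sample, not real traffic. Assumed fields per line:
# client  requested-URL  status  Location-header  Referer-header
SAMPLE_LOG = """\
10.0.0.5 http://www.mysql.com/ 200 - -
10.0.0.5 http://falosfax.in/ 302 http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php http://www.mysql.com/
10.0.0.5 http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php 200 - http://www.mysql.com/
10.0.0.9 http://example.org/a 302 http://example.org/b http://www.mysql.com/
"""

def host(url):
    return (urlsplit(url).hostname or "").lower()

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[2].isdigit():
            continue  # skip malformed lines
        client, url, status, location, referer = parts
        yield (client, url, int(status),
               None if location == "-" else location,
               None if referer == "-" else referer)

def redirect_chains(log):
    """Follow 3xx Location headers per client: (client, referer, [urls])."""
    hops, referers = {}, {}  # keyed by (client, redirecting URL)
    for client, url, status, location, referer in parse(log):
        if 300 <= status < 400 and location:
            hops[(client, url)] = location
            referers[(client, url)] = referer
    targets = {(c, loc) for (c, _), loc in hops.items()}
    chains = []
    for client, url in hops:
        if (client, url) in targets:
            continue  # mid-chain hop, already reached from an earlier redirect
        chain = [url]
        while (client, chain[-1]) in hops and hops[(client, chain[-1])] not in chain:
            chain.append(hops[(client, chain[-1])])  # stops on a redirect loop
        chains.append((client, referers[(client, url)], chain))
    return chains

def flag(log, ioc_hosts=IOC_HOSTS):
    """Chains touching a host named in the post, with the referring page."""
    return [{"client": c, "referer": r, "hosts": [host(u) for u in ch]}
            for c, r, ch in redirect_chains(log)
            if any(host(u) in ioc_hosts for u in ch)]
```

The `referer` field in each finding shows which page sent the browser into the chain, which is how an injected script on an otherwise trusted site shows up in the logs.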
