On Friday 29 August 2008, Brack o'Malley wrote: > I harvested > 1700 sql injection attempts by danmec related > infectors. targets included >200 exposed honeypots (er, oops , I > mean "client maintained servers") dispersed across widely varied > address ranges. In every case this URL was the download point: > http://www0.douhunqn.cn/csrss/w.js
It's not Danmec. Currently these are the only valid .js paths on Danmec fast-flux servers: /b.js /script.js /ngg.js /add.js /lle.js /portal.js /che.js /js.js /fgg.js -Joe _______________________________________________ botnets@, the public's dumping ground for maliciousness All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets