Saturday, September 30, 2006

SetSlice update number 2

Hi folks,

Our Hunting Pots just found it in use at the CWS sites. These are different from the St Petersburg iframers, and this represents a significant escalation. These guys have a huge network of lures drawing traffic in from legitimate search engines. Up until this weekend, they have been using the mouldie old WMF exploit from last December, but are now as up to date as they can be. The exploit script, btw, is slightly different from the one in use by the iframers.

More to follow.



At 12:44 PM, Anonymous Anonymous said...

And socketshield detects these too??

At 3:58 AM, Blogger Roger Thompson said...


Yes, SocketShield detects it just fine.



Post a Comment

<< Home