[Nottingham] A Google Webmaster Scam?
Martin
martin at ml1.co.uk
Wed Dec 19 17:42:46 UTC 2012
>>> Poking around in the js, you can see that there are src parameters
>>> to http://ozecqnxm.qhigh.com/terafegwqegwg.cgi?5
>>
>> Indeed so! A quick grep has soon found that. Looks damned suspicious.
>>
>> Thanks for that. So how did you find that one?
>
> Probably quite easily if anyone else has used Chrome to try an access
> the NLUG web page. It popped up a giant red warning page telling us all
> to steer well clear of it, and referenced the above URL as the source of
> malware.
>
> (Sorry, I was too lazy to send a screenshot at the time and was pretty
> sure it would result in a rant and an uproar on here eventually anyway.)
>
> ;-)
Duhh... I'm using Firefox and got no such thing... Likely stopped by my
DNS blocking and NoScript?...
So how long has that been flashing up?!
(Before I start searching all the backups to find the hit date...)
Cheers,
Martin
--
- ------------------ - ----------------------------------------
- Martin Lomas - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from hkp://subkeys.pgp.net or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg
More information about the Nottingham
mailing list