I wonder how the links to these fake sites are injected into the infected sites in the first place. Is it through some other vulnerability and the fake sites are mainly needed to make the hack less obvious for a human auditing the code?
Or do they hope that somebody finds the fake jQuery site on Google or through a typo in the URL and then includes their fake JavaScript file instead? That seems unlikely to me.

> We keep seeing fake jQuery sites popping up and being used to distribute malware.
Does anyone have more info? What kind of malware? I'm assuming client side? Any 0-days? Unsurprisingly, both websites are blocked where I am.

"window.top.location.href = "httx://www.jqueryc.com"
Is the "httx" a mistake by the malware authors or Sucuri Malware Labs? I find the second option more likely.