Another nasty Javascript exploit

From: SANS Internet Storm Center Alert

The de-obfuscated URL goes to (dont click!!), which resolves to, which is – surprise surprise – the address range of INHoster in Ukraine. Although we are wary of excessive block-lists, we have repeatedly recommended in the past that you block this range –

Now look who else resides on that IP address: (Win32/TrojanProxy.Daemonize)

Just mentioned these characters the other day … you can add the following entry to your HOSTS file, until the next update. #[Trojan.Win32.Rootkit.E]

Comments are closed.