Another nasty Javascript exploit

From: SANS Internet Storm Center Alert

The de-obfuscated URL goes to (don't click!!) js.pceb.cc, which resolves to 85.255.114.158, which is – surprise surprise – the address range of INHoster in Ukraine. Although we are wary of excessive block-lists, we have repeatedly recommended in the past that you block this range: 85.255.112.0 – 85.255.127.0

Now look who else resides on that IP address:

85.255.114.148  wrkd1s2tr.biz
85.255.114.148  outpostsupport.com (Win32/TrojanProxy.Daemonize)
85.255.114.148  lavasoftupdate.com
85.255.114.148  drwebupd.com

Just mentioned these characters the other day … you can add the following entry to your HOSTS file, until the next update.

127.0.0.1  js.pceb.cc #[Trojan.Win32.Rootkit.E]
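
A log check for the hostname and address range named above, as an added example that is not part of the original post or the SANS alert. The log format (timestamp, client, hostname, destination IP) and the sample lines are constructed, and treating the range as the aligned /20 block is an assumption.

```python
import ipaddress

# Values taken from the post above.
RANGE_FIRST = ipaddress.IPv4Address("85.255.112.0")
RANGE_LAST = ipaddress.IPv4Address("85.255.127.0")
BAD_HOSTS = {"js.pceb.cc"}
# Assumption: the alert means the whole aligned block (through 85.255.127.255).
BLOCK = ipaddress.ip_network("85.255.112.0/20")

def literal_cidrs():
    """CIDR blocks covering exactly RANGE_FIRST..RANGE_LAST as written."""
    nets = ipaddress.summarize_address_range(RANGE_FIRST, RANGE_LAST)
    return [str(n) for n in nets]

def check_line(line):
    """Classify one 'timestamp client hostname dest_ip' line.

    Returns 'hostname', 'range', or None (clean or unparseable)."""
    parts = line.split()
    if len(parts) != 4:
        return None
    host = parts[2].lower().rstrip(".")  # normalise case and trailing dot
    if host in BAD_HOSTS or any(host.endswith("." + h) for h in BAD_HOSTS):
        return "hostname"
    try:
        dest = ipaddress.ip_address(parts[3])
    except ValueError:
        return None
    return "range" if dest in BLOCK else None

def scan(lines):
    """Return (line_number, reason) for every line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        reason = check_line(line)
        if reason:
            hits.append((number, reason))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2000-01-01T10:00:00 192.0.2.10 www.example.com 198.51.100.7",
    "2000-01-01T10:00:05 192.0.2.11 js.pceb.cc 85.255.114.158",
    "2000-01-01T10:00:09 192.0.2.12 cdn.example.net 85.255.127.200",
    "2000-01-01T10:00:12 192.0.2.13 JS.PCEB.CC. 127.0.0.1",
    "truncated line",
]

if __name__ == "__main__":
    print(literal_cidrs())
    print(scan(SAMPLE_LOG))
```

Read literally, the range ends at 85.255.127.0 and needs five CIDR entries, which leaves 85.255.127.1 through 85.255.127.255 unblocked; the third sample line falls in that gap and is only caught by the /20. The fourth line shows a client that already has the HOSTS entry still being flagged by name.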


