More Fake jQuery sites
labs.sucuri.net
I wonder how the links to these fake sites are injected into the infected sites in the first place. Is it through some other vulnerability and the fake sites are mainly needed to make the hack less obvious for a human auditing the code?
Or do they hope that somebody finds the fake jQuery site on Google or through a typo in the URL and then includes their fake JavaScript file instead? That seems unlikely to me.
>We keep seeing fake jQuery sites popping up and being used to distribute malware.
Does anyone have more info? What kind of malware? I'm assuming client side? Any 0-days? Unsurprisingly, both websites are blocked where I am.
I think the particularly interesting thing about this isn't the malware in question, but the vector they're using to distribute it. Almost every HTML page written in the last 5 years has jQuery included somewhere, and so they're clearly trying to provide a redirection (or script-injection) vector which would pass a glance over the site code. If you run a website and have a breach, it's worth being aware of during the code inspection you'd have to make.
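The code inspection mentioned in the comment above can be partly automated. This added example (not part of the thread or the Sucuri article) lists hosts referenced in page source that contain or resemble "jquery" but are not on an allowlist; the allowlist, the similarity threshold and the sample page are assumptions.

```python
import re
from difflib import SequenceMatcher

# Hosts this site is expected to load jQuery from (assumption: adjust per site).
TRUSTED_HOSTS = {"code.jquery.com", "ajax.googleapis.com"}

# Any "scheme://host" or protocol-relative "//host" reference in the source,
# so both <script src=...> and inline redirects are covered.
HOST_RE = re.compile(r"(?:[a-z][a-z0-9+.-]*:)?//([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def looks_like_jquery(host, threshold=0.8):
    """True if an untrusted host has a label containing or resembling 'jquery'."""
    if host in TRUSTED_HOSTS:
        return False
    for label in host.split("."):
        if "jquery" in label:
            return True  # e.g. an extra letter appended, or a different TLD
        if SequenceMatcher(None, label, "jquery").ratio() >= threshold:
            return True  # e.g. a doubled or swapped letter
    return False


def suspicious_hosts(source):
    """Return the sorted, de-duplicated lookalike hosts found in page source."""
    hosts = {m.group(1).lower() for m in HOST_RE.finditer(source)}
    return sorted(h for h in hosts if looks_like_jquery(h))


# Constructed sample page. The lookalike hosts are the ones named in this
# thread, kept in the defanged "httx" form the article uses.
SAMPLE = """
<script src="https://code.jquery.com/jquery-1.7.2.min.js"></script>
<script src="/js/site.js"></script>
<script src="httx://jquery.it/jquery.js"></script>
<script>window.top.location.href = "httx://www.jqueryc.com";</script>
<script src="//cdn.example.com/app.js"></script>
"""

if __name__ == "__main__":
    for host in suspicious_hosts(SAMPLE):
        print("review:", host)
```

A hit is a prompt for manual review, not a verdict: a legitimate host with "jquery" in its name is flagged until it is added to the allowlist.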
Previously, jquery.it: http://news.ycombinator.com/item?id=2734138
A funny one: http://jqueery.com - click around :D
I thank you very very much for that. Whenever I feel down I know where to get a laugh. The song just makes it better.
"window.top.location.href = "httx://www.jqueryc.com"
Is the "httx" a mistake by the malware-authors or Sucuri Malware Labs? I find the second option more likely.
I suspect they've done it deliberately, to avoid having a malware link on their site. With the link as given, a reader would have to consciously change the 'x' for a 'p' to visit it, making it unlikely that anyone would do it accidentally.
That makes sense, and would also explain why they chose to put it in a <textarea>, I suppose. Still, it feels as if the apparent intended audience would be aware of the risks without them having to go through the trouble.
Seems odd to quibble with being a thoughtful netizen.
As used in this article, what does TDS mean?
The best acronym I was able to find (fits with the multiple redirects) is: Traffic Distribution System.