Wednesday, October 6, 2010

dollars javascript code – yet another Javascript obfuscation method for cc frauds ( and black hat seo ) – part 0.2

Trying to find some common factors in the pages included in the compromised sites (as indicated in the previous post (http://extraexploit.blogspot.com/2010/10/dollars-javascript-code-yet-another.html) there is evidence of a large number of sites that are suffering the same problem. In particular, using keywords that are common to many of these malicious pages, you have the following results:

sshot002
As well:

ssho001
Yet another dork that retrieve very similar URL format:
sshot003
This can reasonably confirm that this stuff is related to a big (and well organized) Black Hat Seo campaign. Thank you very much for their support to Edgar Tools and author of JJEncode .

No comments:

Post a Comment