If you have been following our blog long, you probably heard about quite a few large scale attacks affecting many hosting companies: GoDaddy, Bluehost, Dreamhost, etc, etc.
< script src =" http://vancouvererrorsonfile.com/js2.php
Note that this domain is not currently blacklisted (and the site is up), so be careful when clicking those links. So far, we are seeing this spread only on Bluehost and Dreamhost, but it seems to be too early to tell how many sites are affected.
However, what is interesting is the people behind this attack (and all others). Those domains are always registered by:
Hilary Kneber firstname.lastname@example.org
7569468 fax: 7569468
29/2 Sun street. Montey 29
Virginia NA 3947
You can check all the big ones that affected a large number of sites:
All by the same group and all of them using the same tactics. We should start monitoring registrations using this domain and block them automatically.
We will post more details as we learn about it.