Discovered by security researchers at scan safe

“A potent trojan cocktail consisting of backdoors, password stealers, and downloader is being loaded by a malicious iframe on nearly 55,000 compromised website pages. The iframe points to an intermediary exploit site, http://a0v.org/x.js, which in turn loads additional exploits and malware from up to seven different malware domains.

A Google search on the iframe script tag resulted in 54,900 hits. Victim sites include www.feedzilla.com, latindiscover.com, and a number of charitable and nursing facilities, including howellcarecenter.com, sweetgrassvillagealf.com, www.foodsresourcebank.org, and morningsideassistedliving.com.”

I started seeing these domains pop up around 8/5. Follow the links below for more information.

ahthja info
laogong info

Read More