Thu Apr 10 10:11:33 CDT 2008
"Everyday, I look through the domains we detect as Troj/Iframe-AG because they are the domains associated with the SQL injections that have been plaguing the web over the last few months (1, 2, 3 and 4).
This morning I saw three domains making use of the .MOBI TLD. The use of a .MOBI TLD is unusual and I was going to talk about all the possible new TLDs that people could use in the future (following the ICANN meeting last week). However, something more interesting was spotted.
Quickly visiting these sites to see is they were legitimate, we (Fraser and I) noticed that the root of each site attempted to load a script AD.JS. This in turn attempted to load another website - a fake anti-virus install site."
More information about the funsec