Note: Any sites listed below are dangerous and should not be followed without proper protection.
The compromised pages are injected with the same script several times in and around the title and meta tags, as well as other locations. Injected sites in this attack share the common characteristic of “script src=http” and a varying script source.
The list below shows the injected domains used in this attack. The number next to each domain is the amount of sites found to be injected with the domain using Google search.
eSoft is adding detection for these attacks and flagging any victimized sites as compromised. Distribution and redirect sites are marked as malicious, protecting users from downloading the final dangerous payload.