The Latest in IT Security

94.244.80.7 / bookpolo.com / booksolo.com / bookgusa.com injection attacks

08
Jun
2011

The crew responsible for the LizaMoon and Worid-Of-Books.com are back with a new set of injection attacks, this time hosted on 94.244.80.7 in Lithuania.

The following domains are currently in use:
bookaros.com
bookarra.com
bookavio.com
bookdolo.com
bookfula.com
bookgusa.com
bookmonn.com
bookmono.com
bookmylo.com
booknunu.com
bookpolo.com
booksgou.com
booksoco.com
booksolo.com
booktuba.com
bookvila.com
bookvivi.com
bookvoxy.com
bookzoul.com
bookzula.com

Registrant details are familiar and fake:

JamesNorthone
   James Northone [email protected]
   +1.5168222749 fax: +1.5168222749
   128 Lynn Court
   Plainview NY 1180
us

Injection attacks seem to be either trying to insert an anchor with the word “book” pointing to one of the bad sites, presumably as a “Worid of Books”-type SEO campaign, or alternatively they are using the ur.php approach the LizaMoon used.

The whole 94.244.64.0/18 block looks toxic and is worth blocking. I’ll post more details on that when I get the time.

Leave a reply


Categories

MONDAY, AUGUST 02, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments