- rnmb.net/0.js says "ok! ^_^ Don't hank me !" but compared to the first two that are still active, this one is down as of yesterday, despite that it still remains embedded on many sites
Detection rate for the unobfuscated exploit :
Detection rate for the obfuscated exploit :
A lot of university, and international government sites continue to be embedded with the script, and so is Computer Associates site according to this article :
"Part of security software vendor CA's Web site was hacked earlier this week and was redirecting visitors to a malicious Web site hosted in China. Although the problem now appears to have been corrected, cached versions of some pages in the press section of CA.com show that earlier this week the site had been redirecting visitors to the uc8010.com domain, which has been serving malicious software since late December, according to Marcus Sachs, director of the SANS Internet Storm Center."