Nov 20, 2008 hacker atacks

Baby hacker has moved to

And his baby bots are now trying to inject this new url into websites.
The site when inspected using Spam Spade to avoid any virus infection shows the exploit is in the html just like before.

A search shows its infected many websites.
Parsing input:
Host (checking ip) =
host = (cached)
Host (checking ip) =
host = (cached)
Routing details for
[refresh/show] Cached whois for :
Using abuse net on
abuse net =
Using best contacts

Send abuse messages to

Nov 12, 2008 another beta
Required header 'Accept' missing GET / HTTP/1.0
User-Agent: Mozilla/5.0 (compatible; itsapic.com_crawler/0.01 +;
Connection: close

This bot was scanning webing looking for sites and got blocked by BB so watch for it.
Website does not tell what its doing or ask permission to enter your site.

add to robots
User-agent: itsapic.com_crawler
Disallow: /

Nov 8, 2008 hacker now shut down.

Am getting a lot of these request lately


They are from lots of IPS all trying to remote load this page. Inside that page is a hack atempt. AVG gives an alarm if you try to view the source.

Do not go to the website AVG detects a virus but it still gets into your system. Look for ..
a trojan horse downloader.generic8.cox

The site has now been shutdown.

A search of google shows that sites all over the net are infected with this atack and they are allowing the atack to spread. Perhaps they are involved in the atack?