Keep up the fight guys.
Tips:
- These attacks are directing visitors to malicious ru sites.
- Chances are, they are trying to install malware (WinAntivirus 2009 Pro or a variant)
- The last snippet provided this url: (DO NOT VISIT THIS URL)
Code:
http://sanspo-com.freewebs.com.cnblogs-com.bestnewsmall.ruDISABLED-URL-WARNING:8080/plala.or.jp/plala.or.jp/39.net/gamevance.com/google.com
(I have added the 'DISABLED-URL-WARNING' to prevent a careless mistake - DO NOT VISIT THIS URL!!!!)
- Consider stripping out the characters in the strings that have .replace() parts to find the real URL/commands for your cleaning utility
- Blocking all .ru sites is a good idea for personal protection
Godspeed - keep up the fight!