Sunbelt researcher Patrick Jordan has been researching a nasty group of sites, including toolbarbarcool(dot)biz.
These guys will do anything to get on your machine.
First, the site tries to infect you through a (long-patched) compiled help file (CHM) exploit.
If that fails, it goes ahead and does a 2-for-1 special: it attempts to infect through both the WMF exploit and the JavaScript exploit. Both of these exploits are fairly recent: the JavaScript exploit was patched on December 12th, 2005 and the WMF exploit was patched on January 5th, 2006.
Video here.
Here are the URLs:
Alex Eckelberry