The “8×8″ script I’m referring to includes a link that looks like this:
hxxp://www.example .com/JB3xd6iX.php?id=87342871
And can be detected using a regular expression that looks something like this:
/^.*\/[a-z0-9A-Z]{8}\.php\?id=\d{8}$
more here......http://www.kahusecurity.com/2014/8x8-script-leads-to-infinity-drive-by/
hxxp://www.example .com/JB3xd6iX.php?id=87342871
And can be detected using a regular expression that looks something like this:
/^.*\/[a-z0-9A-Z]{8}\.php\?id=\d{8}$
more here......http://www.kahusecurity.com/2014/8x8-script-leads-to-infinity-drive-by/