We keep seeing fake jQuery sites popping up and being used to distribute
malware. One was jquerys.org
, other was jquery-framework.com
and the new one
is jqueryc.com (188.8.131.52).
And this new one seems to be affecting many web sites in the last few days. All of them have the following on their header or index.php files:
Which redirects any visitor to the web site to jqueryc.com where it is then sent to other random spammy domains (seems like a TDS is in place).
*Note that the domain was just registered (20-nov-2012), so it is not being flagged anywhere.
**The official jquery sites are jquery.org or jquery.com. Other variations are likely fake.