Sucuri Research Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Notes from the LabHome  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

More Fake jQuery sites - jqueryc.com

Published: 2012-11-22  by  Daniel B. Cid

We keep seeing fake jQuery sites popping up and being used to distribute malware. One was jquerys.org, other was jquery-framework.com and the new one is jqueryc.com (199.59.241.179).

And this new one seems to be affecting many web sites in the last few days. All of them have the following on their header or index.php files:



Which redirects any visitor to the web site to jqueryc.com where it is then sent to other random spammy domains (seems like a TDS is in place).

Update:We are also seeing some sites with this javascript file being included: http://www.jqueryc.com/jquery-1.6.3.min.js, which just redirects back to jqueryc.com via the same window.top.location.href in javascript.

*Note that the domain was just registered (20-nov-2012), so it is not being flagged anywhere.
**The official jquery sites are jquery.org or jquery.com. Other variations are likely fake.