Description:
A remote javascript from www.feedcat.net was found on the site. Feedcat was recently sold and it is now being used to distribute malware and redirect sites that had their old widget installed.
Domains used in this attack:
http://www.feedcat.net/js2/button.js
http://continue_.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1311380327&Signature=mb6bZtwVtRx7LKWE7uPJ9znhSfc%3DAffecting:
Any web site sites (no specific target)
Clean up:
Sign up here to get it clean up: Signup
Malware dump (sample of malware):
http://continue_.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1311373754&Signature=60QGS34LES2ymcgNXV2WT1Iq2Zg%3D
http://www.feedcat.net/js2/button.js