Wsfgfdgrtyhgfd.net
Wsfgfdgrtyhgfd.net is the infamous domain used by Russian hackers to infect surfers computers with various spyware, backdoors and botnet clients. Even though the domain was purchased on October 12, 2006 it has already made it into Google with 61 entries.
The hackers use this domain as a central hub for their exploits and then point hacked servers to it. They do this buy exploiting various deficiencies in Internet servers and then change the index pages to websites that the servers host. These changes are usually either javascript or iframes.
The javascript is inserted behind the body tag of the page. A simple way to stop this threat is to put a space between the end of the body tag and its closing bracket. For some reason the rogue version of httpd that they upload and run can't properly find the body tag to insert the javascript.
The iframe attack is where they insert an iframe and every surfer that comes to your page with then get a piece of code from the Russians server at wsfgfdgrtyhgfd.net.
Both attack methods will load numerous scripts in attempts to load spyware or a botnet client or both. The scripts range from javascript to embeded objects.
Many victims have complained to the Russian hackers hosting company. The company is located in Russia. The owners of the company have stated that they don't care about hacking and they hope the hackers are making money because money is apparently hard to come by in Russia.
In addition to the hosting company, complaints have been filed with the domain registrar OnlineNIC. In most cases the registrar will deactivate the domain name and the problem is solved. However, this company doesn't respond to repeated emails and phone calls go straight to voice mail. The live customer service agents tell victims who contact them that they should email the information to the company and someone will deal with it. But no one ever does.
The Russians have been creating a very large botnet and no one seems concerned enough to stop it.
Discussion
Apparently someone took some action. the site is down now - at least it's been down for the last hour - it's 12/15/2006 at 4:10pm CST
