
Sunday, May 11, 2008

Mass File Injection - Redirecting to DNSChanger Download

Mike from UploadMalware.com's team has discovered a mass file injection attack that is injecting the 2 URLs below into sites running any version of the phpBB forum software:

hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js

The 2 URLs point to a JavaScript redirect script that automatically redirects visitors to a fake codec download site. These fake codecs are known as DNSChanger. Anyone running phpBB should check their servers.
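
A file-system sweep for the two injected references above, as an added example that is not part of the original post. It assumes the injection lands in files under the web root (content stored in the forum database is not covered); the extension list and the function names are illustrative.

```python
import os
import re

# Host and path taken from the two URLs listed in the post. The scheme is
# left out so the pattern matches http://, protocol-relative and defanged forms.
INJECTED = re.compile(
    rb"(?:free\.hostpinoy\.info|xprmn4u\.info)/f\.js", re.IGNORECASE
)
# Assumption: file types a phpBB install serves or includes; adjust as needed.
WEB_EXTENSIONS = (".php", ".html", ".htm", ".js", ".tpl", ".inc")


def scan_file(path):
    """Return [(line_number, matched_text)] for each injected reference in path."""
    hits = []
    with open(path, "rb") as fh:  # bytes mode: no failures on odd encodings
        for number, line in enumerate(fh, start=1):
            for match in INJECTED.finditer(line):
                hits.append((number, match.group(0).decode("ascii").lower()))
    return hits


def scan_tree(root):
    """Walk root and map each affected file (path relative to root) to its hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WEB_EXTENSIONS):
                continue
            full = os.path.join(dirpath, name)
            try:
                hits = scan_file(full)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if hits:
                findings[os.path.relpath(full, root)] = hits
    return findings


if __name__ == "__main__":
    import sys

    web_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(scan_tree(web_root).items()):
        for number, text in hits:
            print(f"{path}:{number}: {text}")
```

Run it with the forum's document root as the only argument; each output line names a file and line number to compare against a clean copy of the same phpBB release.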

At the time of this writing, over 400,000 hits are shown in Google when you search for the URLs.

If anyone has any information as to how the scripts are being injected or which exploit is being used, please contact me at dnelson(shift+2)uploadmalware.com

Antivirus          Version       Last Update  Result
AntiVir            7.8.0.17      2008.05.11   DR/Dldr.DNSChanger.Gen
AVG                7.5.0.516     2008.05.11   DNSChanger.AE
ClamAV             0.92.1        2008.05.11   Trojan.Dropper-6806
F-Secure           6.70.13260.0  2008.05.12   Trojan.Win32.DNSChanger.clm
Ikarus             T3.1.1.26.0   2008.05.12   Virus.Trojan.Win32.DNSChanger.chg
Kaspersky          7.0.0.125     2008.05.12   Trojan.Win32.DNSChanger.clm
Norman             5.80.02       2008.05.09   Vundo.gen171.dropper
Prevx1             V2            2008.05.12   Cloaked Malware
Sophos             4.29.0        2008.05.11   Troj/Zlobar-Fam
TheHacker          6.2.92.307    2008.05.11   Trojan/DNSChanger.chg
Webwasher-Gateway  6.6.2         2008.05.11   Trojan.Dropper.Dldr.DNSChanger.Gen