Typosquatting has been around practically since the dawn of the Web. Often if you're typing a site address whose domain ends in .gov or .org and you mistakenly type .com or .net instead, you'll end up somewhere you didn't expect. There are also countless domains based on various misspellings of google.com, microsoft.com, and numerous other sites.
http://www.mywot.com/en/scorecard/google-azalitics.info (mentioned at hxxp://94.102.52 .27)
These variants have been variously detected as JS:Downloader-LP, JS.Crypt.CSA, JS.Siggen.84, JS/Agent.LP!tr.dldr, JS/Crypted.CP.gen, JS/Downloader, JS/Pakes, JS/Psyme.PP!tr.dldr, JS/Redir.AG.gen, JS/Redirector, JS/Redirector.AM!tr, TR/Click.Agent.NG, TR/Click.Agent.NI, TR/Dldr.Agent.fei.2, TR/Dldr.Agent.fej, TR/Dldr.Agent.fek, TR/Dldr.Agent.fel, TR/Dldr.Agent.fem, TR/Redirector.BU, TR/Redirector.BU.1, TR/Redirector.BU.2, Trojan-Clicker.JS.Agent.ng, Trojan-Clicker.JS.Agent.ni, Trojan-Downloader.JS.Agent.fei, Trojan-Downloader.JS.Agent.fej, Trojan-Downloader.JS.Agent.fek, Trojan-Downloader.JS.Agent.fel, Trojan-Downloader.JS.Agent.fem, Trojan.Click.Agent.NG, Trojan.Click.Agent.NI, Trojan.Clicker.JS, Trojan.Dldr.Agent.fei.2, Trojan.Dldr.Agent.fej, Trojan.Dldr.Agent.fek, Trojan.Dldr.Agent.fel, Trojan.Dldr.Agent.fem, Trojan.JS.Redirector, Trojan.JS.Redirector!IK, Trojan.JS.Redirector.bu, Trojan.Redirector.BU, Trojan.Redirector.BU.1, Trojan.Redirector.BU.2, Trojan.Script.397828, Trojan/JS.Redirector, Virus.JS.Downloader.LP, Virus.JS.Downloader.LP!IK, etc.
Additional domains that were actively hosting malicious urchin.js files in January or February according to MalwareURL:
Here's another that apparently hosted a malicious ga.js file last month:
See MalwareURL's lists of sites hosting urchin.js or ga.js files:
For more from the JoshMeister on Security, please subscribe to the RSS feed or follow me on Twitter.
Ever visited a land now under Islamic State rule? And you want to see America? Hand over that Facebook, Twitter, pal - Uncle Sam turns up the heat on visa hopefuls US embassies have been told to examine social media accounts of visa applicants who have ever set foot in Isl...
6 hours ago