WARNING: All sites listed on this page are dangerous (live URL with exploits) which lead to trojans beeing automatically installed on your computer. Do NOT visit them unless you know what you are doing. (only links are safe)
This doesn't include the desinfection of your website (attacked - iframed).
For this change your passwords (windows passwords, FTP, emails, database access etc.) and remove the content injected on each page as quickly as possible (contact your hosting provider for assistance).
The Zlkon network (DATORU EXPRESS SERVISS) has been cited in several blogs for hosting malicious content for cyber criminals - for example:
On Symantec website for spreading the TDSS trojan [hs.2-104.zlkon.lv] - in conjunction with IPs at UkrTeleGroup Ltd.in December 2008
It connect to a URL and drop the file "digiwet.dll" Botnets C&C: 126.96.36.199 188.8.131.52
Botnet C&C / redirect to exploit hxxp://hyperliteautoservices.cn/index.php (dead) but the trojan is still available on hyperliteautoservices.cn/load.php VirusTotal - Redirection Analysis - Anubis
Redirect to exploit hxxp://hyperliteautoservices.cn/index.php but the trojan is still available on hyperliteautoservices.cn/load.php VirusTotal - Redirection Analysis - Anubis Flash exploit is also live:
Redirects to exploits hxxp://liteautogreatest.cn/cache/readme.pdf hxxp://liteautogreatest.cn/cache/flash.swf to load trojan on hxxp://liteautogreatest.cn/load.php VirusTotal - Redirection Analysis - Anubis
Botnet C&C: 184.108.40.206
Redirect to exploits sdfi.hostindianet.com/index.php (dead)
Botnet C&C down (TS v3.2)
On 2009-03-21 01:40:07 - Analysis Redirect to exploit on hxxp://sadcwed.hostindianet.com/index.php On 2009-04-05 13:22:58 - Analysis Redirect to exploit on freeonlinehostguide.com/index.php Analysis - VirusTotal - Anubis Detection: Waledac - Kryptik.LI - Win32:Walpak Trojan.Crypt.XPACK.Gen It connect to a botnet and drop the file "digiwet.dll" Botnets: turokgame.cn [220.127.116.11] 18.104.22.168 and 22.214.171.124