I recently wrote a tiny PHP script that would log all visitors - I wanted to know who was viewing my fresh website, and didn't have access to Apache logs. After a week, I noticed some requests for /%7Egrawity/ (instead of the usual /~grawity/), with referers linking to a black page with a picture of YouTube player. When opened, the page popped up some 5 prompts to install ActiveX or XPI "codecs".

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/650/2309#2309