jtara - 4:02 am on Apr 26, 2007 (gmt 0)
There may be multiple tracking services being used. Or the exploit you got may be completely unrelated to the "end-user" exploit reported on elsewhere. Or this thing may now be in the hands of multiple exploiters...

The above looks like a legitimate tracking service. I didn't examine their website enough to see if there is some opportunity for tracking customers to insert this exploit in some way. What would be really bad is if a legitimate tracking service has been hacked, and now this is being injected for all customer accounts.

The article I wrote about references smarttrack.org. There is (at least currently) no website configured on that URL (just a default home page for some control panel software). That domain is registered in New Zealand. The IP address is owned by a company located in Panama. The IP address geolocates to Russia. Not good.
Yes, this is exactly how it happened: a redirect pointing to trackback.org that somehow installed an ActiveX component without approval.