Comment Just adding a few facts. (Score 2) 3
1) The hijack is targeting traffic originating outside China which means people living in China will not see the hijacked js file.
2) So far it seems that it's targeting mainly traffic originating from Google's servers which is where many Chinese people deploy their proxy servers to circumvent sensorship. In my case I can see the modified js file if I turn on Data Saver ( an extension that will fetch webpages from Google's servers in order to speed up browsing and save bandwidth) in Chrome but if I access that file directly from my apartment in Montreal or from my VPS server in Japan I get the unmodified one. There are some people reporting that they managed to get the malicious file from their VPS outside China but some others don't. So far the pattern is still not clear.
3) For those people who are curious about what that file was supposed to do. It's an js library used by the online advertisement service running by Baidu, the biggest search enging provider in China. An equivalent from Google would be adsbygoogle.js, Just as wzyboy wrote this file is widely used. Most, if not all, Chinese sites use it.
3) Since 26 March Github has been under a DDOS attack and it's still going on when I'm typing this reply.
2) So far it seems that it's targeting mainly traffic originating from Google's servers which is where many Chinese people deploy their proxy servers to circumvent sensorship. In my case I can see the modified js file if I turn on Data Saver ( an extension that will fetch webpages from Google's servers in order to speed up browsing and save bandwidth) in Chrome but if I access that file directly from my apartment in Montreal or from my VPS server in Japan I get the unmodified one. There are some people reporting that they managed to get the malicious file from their VPS outside China but some others don't. So far the pattern is still not clear.
3) For those people who are curious about what that file was supposed to do. It's an js library used by the online advertisement service running by Baidu, the biggest search enging provider in China. An equivalent from Google would be adsbygoogle.js, Just as wzyboy wrote this file is widely used. Most, if not all, Chinese sites use it.
3) Since 26 March Github has been under a DDOS attack and it's still going on when I'm typing this reply.
