<< Previous Message Main Index Next Message >>
<< Previous Message in Thread This Month Next Message in Thread >> 
Date   : Sat, 30 Jan 2010 10:16:44 +0000
From   : robert@... (Rob)
Subject: Sigh. Virus alert.

On 29/01/2010, Rick Murray <rick@...> wrote:
>
> Sounds an awful like what hit my site. I don't think it was for fake
> antivirus (?), but the IFRAME thingy sounds similar.

Yups.. I remember that incident.  Very similar..

> I hope it is just the index pages, on mine it seemed - eventually - to
> be around 90% of ALL of the HTML. I think I managed to rebuild the site
> (though not yet 100% certain, I had no idea there was that much crap
> around!).

Every .html file and every index.php file (where it was smart enough
to include a ?> before the malicious code.

> As for infection, I hadn't visited your site today - but if I had,
> Firefox's NoScript would have blocked the IFRAME anyway. I don't tend to
> "trust" sites unless they don't work without some degree of "trust". I
> had no reason to "trust" your site as you aren't horribly abusing
> JavaScript (in other words, it works as it is).

Yup, I'm not a big javascript user..  There is probably some
not-of-my-making on viewdata.org.uk as it's using a simple CMS
software, but on the whole I prefer coding stuff server-side.  I've
more control of what things end up doing!


>
> Your antivirus didn't catch it first?

It seems not.  It was set to auto-update every day too.  AVG free ...
I'm now on Avast, which seems better at blocking web based stuff.
Still had a lingering infection, though, and ended up running
something called "combofix" which found it.  Got taht from here:
http://forums.spybot.info/showthread.php?t=55042

> I know THAT feeling! Like when I visited my site from the library and
> Google helpfully painted the screen red while I painted the air blue...

Indeed...!

On the plus side, it seems the hosting co were working through the
night clearing it up, and running scripts to clean all the affected
pages off again.  I'm still going to fetch everything back local and
grep for iframes, though I think.

Sometimes I hate not being in control, but I've run my own hosting,
and it became a pain in the neck, just keeping on top of the security
and version updates all the time.

Cheers!

Rob
<< Previous Message Main Index Next Message >>
<< Previous Message in Thread This Month Next Message in Thread >>