[liberationtech] Syrian-martyrs.com website probably compromised by virus

KheOps kheops at ceops.eu
Tue Jan 29 14:05:15 PST 2013


Dear Libtech,

We just saw that the website : http://www.syrian-martyrs.com is probably
compromised. Every page of the website contains an iFrame which links to
a .exe file which is detected as a virus by antivirus software:
http://acadcisco.unisla.pt/downloads/uploads/software/ActiveX.exe

The fact that the HTML code is present at the bottom of each page makes
me think that the "index.php" page has been changed in a way that makes
that iFrame appear on every page of the website, after the dynamic content.

It also probably means that the attackers have some kind of access to
the server. My guess would be going to a PHP shell, but I'm no expert in
this.

Any help, clue, investigation, would be very welcome :)

Thank you,
KheOps



More information about the liberationtech mailing list