[liberationtech] Syrian-martyrs.com website probably compromised by virus
Andrew Lewis
me at andrewlew.is
Tue Jan 29 14:25:56 PST 2013
I can get to this in 6 hours or so, maybe someone is willing to jump
on this before then?
-Andrew
On Jan 30, 2013, at 11:06 AM, KheOps <kheops at ceops.eu> wrote:
> Dear Libtech,
>
> We just saw that the website : http://www.syrian-martyrs.com is probably
> compromised. Every page of the website contains an iFrame which links to
> a .exe file which is detected as a virus by antivirus software:
> http://acadcisco.unisla.pt/downloads/uploads/software/ActiveX.exe
>
> The fact that the HTML code is present at the bottom of each page makes
> me think that the "index.php" page has been changed in a way that makes
> that iFrame appear on every page of the website, after the dynamic content.
>
> It also probably means that the attackers have some kind of access to
> the server. My guess would be going to a PHP shell, but I'm no expert in
> this.
>
> Any help, clue, investigation, would be very welcome :)
>
> Thank you,
> KheOps
>
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
More information about the liberationtech
mailing list