HI Aay, Berdasarkan referensi dari avast antivirus bahwa webpage ini telah terinfeksi oleh HTML:i-frame yang dimana script pada webpage HTML telah di injeksi oleh perintah, salah satu contohnya adalah sebagai berikut :
2.1 - Web page infection Among the new features is the ability to infect Web pages on the local machine. Whenever the file infector has an access to a file on the hard drive, it checks whether the files is EXE, SCR, HTM, PHP, or ASP, and then acts accordingly. For the PE files, the code discussed above is used for the infection. For HTML pages, the virus actually injects an iframe at the very end of the page: NOTE: Just before the actual iframe code, we can see a string used in the virus. This isn't added to Web pages, but to the host file. Since the machine is already infected, the virus author doesn't want the machine to be infected again, and therefore blocks access to the malicious page with the host file modification. (Source : http://securitylabs.websense.com/content/Blogs/3300.aspx) Sedangkan hasil scan kami menemukan : Source code of submitted URL: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>Send big files the easy way. Files too large for email attachments? No problem!</title> <script language="JavaScript1.1" type="text/javascript"> <!-- location.replace("http://hisoftdream.com";); //--> </script> <noscript> </noscript> </head> <body> Click here to download file </body> </html> Source : http://jutaky.no-ip.org/index.php?option=com_content&task=view&id=19&Itemid=32 HTML:iFrame sendiri adalah sejini trojan yang dimana hacker melakukan injeksi baik melalui Webpage ataupun Email, dimana pada saat korban melakukan atau klik website tersebut, secara otomatis file injeksi itu akan terinstall di dalam PC/Notebook korban. Jadi mohon untuk tetap berhati hati dalam melakukan aktifitas dalam dunia internet. Proteksi diri Anda dengan tool antivirus ataupun anti rootkit ataupun anti malware yang benar benar bisa dihandalkan. Jenis jenis i frame dapat dibaca di: http://www.avast.com/eng/search.php?searchFor=iframe&fnc=search〈=ENG&x=0&y=0 Thanks and Regards, Yanto ________________________________ From: Aay Cosmas <[email protected]> To: [email protected] Sent: Tuesday, November 10, 2009 10:33:51 Subject: Re: [BinusNet] (unknown) apakah ini virus ? kalo yg sudah terlanjur klik link-nya gimana ya ? Cara mengatasi virus ini gimana ya ? Thanks --- On Mon, 11/9/09, HILARIUS JANUARFIAN <hillbi...@yahoo. com> wrote: From: HILARIUS JANUARFIAN <hillbi...@yahoo. com> Subject: [BinusNet] (unknown) To: to=val_hendri@ yahoo.com, thomas_...@yahoo. com, aidah...@yahoo. com, bpkm_...@yahoogroup s.com, ka...@realta. net, beloved_niken@ yahoo.com, tunj...@ftr. co.id, andr...@sentral- sistem.com, Ita_godilove@ yahoo.com, TemuKeluarga@ yahoogroups. com, binus...@yahoogroup s.com Date: Monday, November 9, 2009, 11:17 AM http://taquarigas. com.br/swCgi9csY 4.html [Non-text portions of this message have been removed] New Email addresses available on Yahoo! Get the Email name you've always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ [Non-text portions of this message have been removed]
