Not sure if any more info on this subject has come up, but here are the
contents of the file gm.vbs that was doing all the dirty work:
http://paste-it.net/public/v22f672/

I have also noticed a new file named 1.exe in the c:\ root directory. It has
an icon of "BMW" (the car company); not sure if that has something to do with
it either.

-Nathan

On Thu, Apr 16, 2009 at 7:56 PM, Al Musella, DPM <muse...@virtualtrials.com> wrote:

>
> A few ideas:
> 1. Set the ftp security to only allow connections from specific IP
> addresses. If the user has a dynamic ip, then use his entire range..
> better than letting the entire world in
> 2. Your blog shows why I said to Michael to reformat the drive and
> reinstall everything when he was attacked. Once you let someone else get
> access to your server, there is no way you can ever trust it again. It
> has to be reformatted.
> 3. I know it isn't the right way to fight an attack, but for this
> specific attack, just put your index.cfm file into a different file,
> then have your index.cfm file just do a cflocation to that page. If the
> hack adds stuff to the index.cfm page, nothing will happen to the users.
>
>
> At 03:31 PM 4/16/2009, you wrote:
>
> >For those interested I have compiled all I know about this attack into a
> >blog post:
> >
> >http://www.coldfusionmuse.com/index.cfm/2009/4/16/iframe.insertion.hack
> >
> >Again, we have not specifically identified the attack but we have lots of
> >information and a stop gap measure :)
> >
> >-Mark
> >
> >
> >Mark A. Kruger, CFG, MCSE
> >(402) 408-3733 ext 105
> >www.cfwebtools.com
> >www.coldfusionmuse.com
> >www.necfug.com
> >
> >-----Original Message-----
> >From: Mark Kruger [mailto:mkru...@cfwebtools.com]
> >Sent: Tuesday, April 14, 2009 5:37 PM
> >To: cf-talk
> >Subject: RE: Question about hack
> >
> >
> >Thanks... I'll add that to my list.
> >
> >I have a pretty hefty blog post coming out on this tomorrow (or hopefully
> >tomorrow :).
> >
> >-mark
> >
> >
> >
> >
> >
>
> 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321844