> The idea that there's no visible indication in the "view source" makes me > consider that as well - but why would it just appear on a login page for the > cfadmin? Perhaps it looks for specific form field names and throws up the > "java out of date" message to prey on fears of folks logging in to various > things...
There are two possibilities here. One is that, while it doesn't show up in the view source for a given page, a JS library referenced in the page has been compromised to rewrite page content. The other is that there's a local malware issue that's rewriting the page content. In either case, it could be designed only to respond to specific URLs or URL patterns. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359629 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
