It turns out that Jerrod's problem is actually a worm that attacks PHPbb (patched Nov 18th, 2004) ... he's probably still busy on that, but for for everyone else's benefit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SAN TY.A http://isc.sans.org/diary.php?date=2004-12-21 Andrew. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerod M. Bennett Sent: Monday, December 20, 2004 2:12 PM To: [email protected] Subject: [Declude.Virus] This site is defaced!!! - Way OT Hello everyone, It appears one of my IIS servers has been compromised :( All valid pages return a black page with the following red text: This site is defaced!!! ------------------------------------------------------------------------ ---- ---- NeverEverNoSanity WebWorm generation 10. I was hoping someone might have seen this before, and might be able to point me in the right direction of how to get rid of it. Thanks, -Jerod --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
