On Saturday, 12 April 2014 at 09:36:42 UTC, Kagamin wrote:
On Saturday, 12 April 2014 at 06:38:16 UTC, Andrej Mitrovic
wrote:
Unbelievable. 40$ to delete a file.
Sounds like the virus opposes naive deletion. One should first
need to find its guard. Well, anyway, such things require
security specialist, so they cost money.
Mike should delete everything from the current site. Hope that
will stop further distribution of the virus.
I think the question should be asked, "How did that file got
there?"
Was there a security hole in the blog software?
Was the password guessed, sniffed or stolen?
(There exists Windows malware that steals saved FTP/SCP
passwords...)
Until the security hole is closed for good, the file may reappear
again.
I would suggest looking at the file's modification time, and
checking the HTTP / FTP access logs for suspicious activity
around that time.
