Dear Libtech, We just saw that the website : http://www.syrian-martyrs.com is probably compromised. Every page of the website contains an iFrame which links to a .exe file which is detected as a virus by antivirus software: http://acadcisco.unisla.pt/downloads/uploads/software/ActiveX.exe
The fact that the HTML code is present at the bottom of each page makes me think that the "index.php" page has been changed in a way that makes that iFrame appear on every page of the website, after the dynamic content. It also probably means that the attackers have some kind of access to the server. My guess would be going to a PHP shell, but I'm no expert in this. Any help, clue, investigation, would be very welcome :) Thank you, KheOps
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
