I can get to this in 6 hours or so, maybe someone is willing to jump on this before then?
-Andrew

On Jan 30, 2013, at 11:06 AM, KheOps <[email protected]> wrote:

> Dear Libtech,
>
> We just saw that the website: http://www.syrian-martyrs.com is probably
> compromised. Every page of the website contains an iFrame which links to
> a .exe file which is detected as a virus by antivirus software:
> http://acadcisco.unisla.pt/downloads/uploads/software/ActiveX.exe
>
> The fact that the HTML code is present at the bottom of each page makes
> me think that the "index.php" page has been changed in a way that makes
> that iFrame appear on every page of the website, after the dynamic content.
>
> It also probably means that the attackers have some kind of access to
> the server. My guess would be going to a PHP shell, but I'm no expert in
> this.
>
> Any help, clue, investigation, would be very welcome :)
>
> Thank you,
> KheOps
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
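
A check for the pattern described in the quoted report (an iframe at the bottom of every page pointing at an off-site .exe), as an added example that is not part of the original thread. The host names, sample page and extension list are constructed, and treating markup after the closing </html> as a sign of output appended by a modified index.php is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

EXEC_EXT = (".exe", ".scr", ".msi", ".jar")  # assumed list of extensions to flag

class IframeAudit(HTMLParser):
    """Collects iframes that are off-site, executable, or placed after </html>."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.after_html_close = False
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.after_html_close = True  # anything later was appended to the page

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        src = dict(attrs).get("src") or ""
        url = urlparse(src)
        host = (url.hostname or "").lower()
        reasons = []
        if host and host != self.site_host:
            reasons.append("off-site")
        if url.path.lower().endswith(EXEC_EXT):
            reasons.append("executable")
        if self.after_html_close:
            reasons.append("after-</html>")
        if reasons:
            self.findings.append((self.getpos()[0], src, reasons))

def audit_page(html, site_host):
    """Return (line, src, reasons) for every suspicious iframe in one page."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a legitimate same-site iframe, then one appended after </html>.
SAMPLE = """<html><body>
<iframe src="/embed/map.html"></iframe>
<p>dynamic content</p>
</body></html>
<iframe src="http://files.example.net/uploads/ActiveX.exe" width="0" height="0"></iframe>
"""

if __name__ == "__main__":
    for line, src, reasons in audit_page(SAMPLE, "site.example"):
        print(f"line {line}: {src} ({', '.join(reasons)})")
```

Running it over saved copies of several pages and getting the same finding on each one supports the shared-template hypothesis in the report.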
