Team FYI and Research.

Regards
Sandeep Thakur


---------- Forwarded message ----------
From: Ali Asghar Toraby Parizy <[email protected]>
Date: Thu, Sep 8, 2011 at 1:01 AM
Subject: There is a strange get request header in all web pages of my
site? I'm worry about Trojan attack!
To: [email protected], [email protected]


Hi.
Today I found that Kasper Anti Virus has blocked my site and says to
the clients that this site is affected by a Trojan.
On the other hand, I usually surf the Internet using Firefox. But today
I used IE to open my own site, and IE gives me the following warning:
This page contains content that will not be delivered using a secure
HTTPS connection...
I traced my site with the Fiddler debugging tool and I found that each
time I send a request to the site, a GET request is made
to the following URL:
"http://carlos.c0m.li/iframe.php?id=v4pfa24nw91yhoszkdmoh413ywv6cp7"
I've searched for "carlos.c0m.li" on the Internet and I saw in
"Google Safe Browsing" something about that host at the following URL:
http://google.com/safebrowsing/diagnostic?site=carlos.c0m.li/
Google says that that host has malware. Please look at that report
and suggest a way to remove this bad thing from my site.
I've searched most of my public html directory, but I haven't found
any file that makes the following HTTP header. I have no idea. How can I
find that?


----- This is the header that Fiddler detects for every file that I open on my site:
GET /iframe.php?id=v4pfa24nw91yhoszkdmoh413ywv6cp7 HTTP/1.1
Accept: application/x-ms-application, image/jpeg,
application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64;
Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR
3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: carlos.c0m.li


HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 18:42:02 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 233
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html
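
One way to search the document root for the host from the Fiddler trace, as an added example that is not part of the original message. It checks every file (dotfiles such as .htaccess included) for the hostname in plain text and, on the assumption that injected markup may be stored base64-encoded, for the hostname's three possible base64 alignments; the function names are illustrative.

```python
import base64
import os
import sys

HOST = b"carlos.c0m.li"  # host seen in the Fiddler trace in the message above

def b64_fragments(raw):
    """Base64 substrings that must appear if `raw` sits inside encoded data."""
    # The encoding of a substring depends on its byte offset modulo 3, so build
    # one fragment per alignment and trim the characters that also depend on
    # the unknown neighbouring bytes.
    frags = []
    for off in range(3):
        enc = base64.b64encode(b"\0" * off + raw).decode().rstrip("=")
        start = (0, 2, 3)[off]
        end = len(enc) - (1 if (off + len(raw)) % 3 else 0)
        frags.append(enc[start:end].encode())
    return frags

def scan_bytes(data, host=HOST):
    """Return the forms ('plain', 'base64') in which host appears in data."""
    found = set()
    if host.lower() in data.lower():
        found.add("plain")
    if any(frag in data for frag in b64_fragments(host)):
        found.add("base64")
    return sorted(found)

def scan_tree(root, host=HOST):
    """Walk root, hidden files included, and map relative path -> forms found."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    forms = scan_bytes(fh.read(), host)
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            if forms:
                hits[os.path.relpath(path, root)] = forms
    return hits

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, forms in sorted(scan_tree(root).items()):
        print(path, ",".join(forms))
```

A clean result only covers the files that were scanned; markup served from a database or added by the web server itself would not show up here.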
